osgirl / gulp-build-fozzie Goto Github PK

View Code? Open in Web Editor NEW

This project forked from justeat/gulp-build-fozzie

0.0 0.0 0.0 785 KB

Gulp build tasks for use across Fozzie modules

License: Other

JavaScript 100.00%

gulp-build-fozzie's Introduction

gulp-build-fozzie 🐻

Gulp build tasks for use across Fozzie modules.

Setup
- Optional setup
- Config and pathBuilder
  - Config object
  - pathBuilder object
The Gulp Tasks
- Development-only tasks
Config
- Other config
Path Builder
Running the unit tests

Setup

First, add gulp and gulp-build-fozzie as dependencies

yarn add gulp @justeat/gulp-build-fozzie

Next, inside your gulpfile.js, require the build function from @justeat/gulp-build-fozzie, then pass gulp as the first argument.

const gulp = require('gulp');
const { build } = require('@justeat/gulp-build-fozzie');

build(gulp, /*options*/);

You can optionally pass in options which will override the default config values.

That's it! You can now run any of the Gulp tasks.

Optional setup

Transpile es2015 code

To ensure that the scripts:bundle task can transpile es2015 code, add a .babelrc file, with the @babel/preset-env preset, to the root of your project:

{
    "presets": ["@babel/preset-env"]
}

If you do not add a .babelrc file (you may be writing es5 code for example) then the code will be bundled up as is.

JavaScript Linting

Add an .eslintrc file to the root of your project with the following content to use the JS linting rules we recommend when running the scripts:lint task:

{
    "extends": "@justeat/eslint-config-fozzie"
}

If you wish to extend or override these rules you can simply add them after the extends line in the .eslintrc file.

For more information on how you can configure eslint check out the documentation.

N.b. You may also find that you get an error when adding eslint which reads Parsing error: Cannot read property 'ecmaFeatures' of undefined. If you see this message, then add this to your package.json followed by running yarn install:

"resolutions": {
  "espree": "3.5.4"
}

This is a temporary fix dependent on the progress of this issue open on ESLint.

CSS Linting

To use our recommended fozzie stylelint linting rules add the following into your package.json file:

"stylelint": {
    "extends": "@justeat/stylelint-config-fozzie"
}

If you wish to extend or override these rules you can simply add them after the extends line in the package.json file.

For more information on how you can configure stylelint check out the documentation.

Config and pathBuilder

You can also access the config and pathBuilder objects which are used inside of gulp-build-fozzie by requiring them:

const { config, pathBuilder } = require('@justeat/gulp-build-fozzie');

These are exposed for convenience, and means that you do not need to manually build paths and maintain a separate config object for any custom tasks in your project. It also reduces duplication and prevents bugs which can arise from specifying incorrect paths.

`config` object

This is the config object which is used inside of gulp-build-fozzie, if you have passed any options via the build method they will be available here.

See the Options section below for the details of this object.

`pathBuilder` object

The pathBuilder object is used inside of gulp-build-fozzie in order to build the paths used in the gulp tasks.

See the Path Builder section below for details on which paths are available.

The Gulp Tasks

`css`

Runs the following tasks

scss:lint

Lint all SCSS files in the source directory — this runs before the css:bundle task.

This task will also automatically fix any errors that it can (through stylelint's autofix setting).
css:lint

Lint all CSS files in the dist directory — this runs after the css:bundle task.
clean:css

Removes any CSS already in the dist directory.
css:bundle

Performs a variety of tasks including;
- Makes environment variables available to Sass
- Pull in Eyeglass modules
- Run postcss plugins
- Minify the CSS
- Add hashed version to file name
- Output bundle to the dist directory

`scripts`

Runs the following tasks

scripts:lint

Lint all JavaScript in the source directory. This task will also attempt to automatically fix any rules via the ESLint --fix flag.
scripts:test

Runs any unit tests found in the JavaScript source directory using Jest.
scripts:test:coverage

Runs the JS unit tests and display a coverage report once complete.
clean:scripts

Removes any JavaScript already in the dist directory.
scripts:bundle

Performs a variety of tasks including;
- ES2015 transpilation using Babel
- Bundle all code into a single file
- Generate sourcemap files
- Minify the JavaScript
- Add hashed version to file name
- Output bundle to the dist directory

`logger:createFile`

Adds the server-side file required for the errorLogger to be inserted into the filesystem.

`images`

Runs the following tasks

clean:images

Removes any images already in the dist directory.
images:optimise

Optimises all images found in the source directory then copies them to the dist directory.
images:svg-sprite

Generate an SVG sprite and copy into the dist directory

It also runs the copy:img and copy:assets tasks.

`service-worker`

Runs the following tasks

service-worker:locate

Discovers scripts in the service worker directory.

service-worker:copy

Copies the worker's internal scripts to the dist directory.

service-worker:write

Generates a service worker to pre-cache the assets defined in the config.

`copy:js`, `copy:css`, `copy:img`, `copy:fonts` & `copy:docs`

Each of these tasks copies the specified set of assets from the src to the dist asset folders.

See the config section for details on how to configure these tasks.

`watch`

Runs the default task then the following watch tasks.

watch:css

Runs the css task when a CSS file is changed.

watch:scripts

Runs the scripts task when a JavaScript file is changed.

watch:scripts:test

Runs the scripts:lint and scripts:test tasks when a JavaScript unit test file is changed.

watch:images

Runs the images task when an image file is changed.

`watch:docs`

Runs the same tasks as watch as well as the following watch tasks.

watch:docs:templates

Runs the assemble task when documentation files are changed.

Development-only tasks

docs

Builds a fresh copy of any documentation found in the config.docs.rootDir directory using Assemble, then watches for any file changes and reloads the web page when changes are detected in the config.docs.distDir directory.

docs:deploy

Builds the documentation and then pushes the dist directory to the gh-pages branch.

docs:release

Pushes the documentation dist directory to the gh-pages branch.

clean:docs

Removes document files already in the docs dist directory.

copy:img:docs

Copies all of the images in the assets dist folder over to the docs dist folder.

browser-sync

Watches for changes to files and reloads a local website instance.

browser-sync:docs

Generates the documentation files then opens the docs in a local server.

assemble

Generates the documentation files.

Config

Here is the outline of the configuration options, descriptions of each are below.

{
    webRootDir,
    assetSrcDir,
    assetDistDir,
    applyRevision,
    packageVersion,
    css: {
        scssDir,
        cssDir,
        lintPaths,
        sourcemaps,
        usePackageVersion
    },
    js: {
        files: {
            main: {
                srcPath,
                distFile
            },
            …
        ],
        jsDir,
        lintPaths,
        usePackageVersion,
        stripDebug
    },
    logger: {
        dir,
        file
    },
    img: {
        imgDir,
        svgSpriteFilename
    },
    importedAssets: {
        importedAssetsSrcGlob,
        verbose
    },
    sw: {
        isEnabled,
        swDir,
        outputFile,
        staticFileGlobs,
        dynamicFileRegex,
        dynamicFileStrategy,
        importScripts,
        cacheId
    },
    copy: {
        js,
        css,
        img,
        fonts,
        docs
    },
    docs: {
        rootDir,
        srcDir,
        distDir,
        assetDir,
        templDir,
        dataDir,
        outputAssets,
        remoteBase,
        helpers,
        excludeTemplateDirs
    },
    fonts: {
      fontsDir
    },
    browserSync: {
        files,
        proxy,
        reloadDebounce
    },
    misc: {
        showFileSize,
        showFiles
    },
    gulp: {
        changeEvent,
        onError
    },
    isProduction,
    isDev
}

`webRootDir`

Type: string

Default: '.'

The root directory of your website.

`assetSrcDir`

Type: string

Default: 'src'

Root source directory for your assets.

`assetDistDir`

Type: string

Default: 'dist'

Root dist directory for your assets.

`applyRevision`

Type: boolean

Default: true

Will add a content hash to the JS and CSS filenames, generating a new filename if any of the file's contents have changed. This can be utilised to force the clients to get the latest version of an updated asset.

`packageVersion`

Type: String

Returns the current package version.

`css`

scssDir

Type: string

Default: 'scss'

The directory where your SCSS files reside.
cssDir

Type: string

Default: 'css'

The bundled CSS file will be output to this directory.
lintPaths

Type: array

Default: ['']

Allows additional paths to be included or excluded from the linting task.

By default, the task will lint all .scss files within the scssDir directory.
sourcemaps

Type: boolean

Default: isDev

Turns sourcemaps on or off.
usePackageVersion

Type: boolean

Default: false

When set to true this will bundle a versioned css file e.g 'filename-[version].css'.

`js`

files

Type: Object

Default:
```
{
    main: {
        srcPath: 'index.js',
        distFile: 'script.js'
    }
}
```
An Object, that takes one or more child objects each describing a JavaScript bundle entry point and destination. Each of these objects can have the following properties:
- srcPath
  
  Type: string
  
  Default: 'index.js'
  
  The file path to a bundle entry point in your JavaScript.
- distFile
  
  Type: string
  
  Default: 'script.js'
  
  The filename for the JavaScript bundle once compiled.
jsDir

Type: string

Default: 'js'

Name of the directory where all of your JavaScript files are kept.

Compiled JavaScript files will be placed inside a directory with the same name.
lintPaths

Type: array

Default: ['']

Allows additional paths to be included or excluded from the JS linting task.

By default, the task will lint all files within the jsDir directory.
usePackageVersion

Type: boolean

Default: false

When set to true this will bundle a versioned JS file e.g 'filename-[version].js'.
stripDebug

Type: boolean

Default: true

This can also be controlled using the --noStripDebug flag. When this flag is added, console.log() statements will not be removed for production builds.

Examples:

gulp scripts:bundle --prod --noStripDebug

This would generate the JS files as part of a production build, but would still include console.log() statements. Intended for QA releases.

gulp scripts:bundle --prod

This is a normal production build and would not include console.log() statements.

gulp scripts:bundle --noStripDebug

For non-production builds, the flag has no effect: you will still get debug statements even if include the flag.

`logger`

dir

Type: string

Default: 'js/shared'

Name of the directory where your js error logger file will live.
file

Type: string

Default: 'js-error.js'

Name of the error logger file.

`img`

imgDir

Type: string

Default: 'img'

Name of the directory where your image files are kept.

Processed image files will be placed inside a directory with the same name.
svgSpriteFilename

Type: string

Default: 'sprite.svg'

Filename of the SVG sprite which is generated from any SVG assets found in the image directory.

`importedAssets`

importedAssetsSrcGlob

Type: string

Default: 'node_modules/@justeat/*/'

Glob of packages containing assets to be copied to assetDistDir.
verbose

Type: boolean

Default: 'true'

Whether to log the names of all assets being copied. Passed on to f-copy-assets.

`sw`

isEnabled

Type: boolean

Default: false

Determines whether the service worker is generated or not.
swDir

Type: string

Default: 'sw'

Name of the directory where your service worker's custom internal scripts are kept in.

Scripts here will be placed inside a directory with the same name.
outputFile

Type: string

Default: 'service-worker.js'

The name of the generated service worker file, to be placed in the root of your application.
staticFileGlobs

Type: array

Default: []

The static files in your application to be cached by the service worker.
dynamicFileRegex

Type: array

Default: []

An array of regex to match the dynamic content or API calls to cache e.g. [/^https:\/\/example\.com\/api/, /^https:\/\/fonts.googleapis.com\/css/].
dynamicFileStrategy

Type: string

Default: cacheFirst

The cache strategy to be used for content matched by dynamicFileRegex - these correspond to the sw-toolbox handlers.
importScripts

Type: array

Default: []

Any additional internal scripts to include, aside from those in swDir.
cacheId

Type: string

Default: ''

An optional string used to differentiate caches on the same origin during local development.

`copy`

js, css img, fonts & docs

Type: Object

Default: {}

copy.js, copy.css, copy.img, copy.fonts and copy.docs each take an object list of assets in the format:
```
  copy:
    js: {
      prism: {
          path: '/libs/**/*',
          dest: '/libs',
          revision: false
      }
    }
  }
```
In which:
- path is a string specifying the path within the relevant asset src folder of the asset to be copied.
- dest is a string specifying that destination folder for the asset to be copied to, within the relevant asset dist folder.
- revision is a boolean such that if it is true, the asset will be revision hashed when copied to its destination.
path and dest must always be defined for each asset you wish to copy (except for copy:docs which uses the root docsDist path for the dest).

The object key (which in the above example is prism) of each asset is simply for your own use to identify each asset in your config.
copy:assets

Copies assets from packages to the dist directory.

`docs`

rootDir

Type: string

Default: './docs'

Root directory where your documentation files reside.

By default your source files will be searched for in docs/src, and the generated content will be output to docs/dist.
srcDir

Type: string

Default: 'src'

The source directory for your documentation template files.

By default the documentation task will use the path docs/src – with the src part of this path controlled by this config variable.
distDir

Type: string

Default: 'dist'

The directory your documentation will be compiled to.

By default the documentation task will use docs/dist – with the dist part of this path controlled by this config variable.
assetDir

Type: string

Default: 'assets/'

The directory your generated assets will be placed inside the documentation directory.

By default the documentation task will use docs/dist/assets/ – with the assets/ part of this path controlled by this config variable.
templDir

Type: string

Default: 'templates'

The name of the directory where your documentation template files are kept.
dataDir

Type: string

Default: 'data'

The name of the directory where your documentation data files are kept.
outputAssets

Type: boolean

Default: false

Indicates whether or not the JavaScript, CSS and image files should be placed into the docs/dist/assets/ directory.
remoteBase

Type: string

Default: ''

Applies a base path to asset URLs when publishing documentation to Github pages. By default this is set to be an empty string.
helpers

Type: object

Default: {}

Can pass in an object set of functions, which will be exposed in handlebars as helper functions in the documentation tasks when called using their object key.

For example:
```
{
  'toLowercase': (input) => { return input.toLowerCase(); }
}
```
Will expose the helper toLowercase so that using {{toLowercase name}} within a handlebars template will convert the handlebars string name to lowercase.
excludeTemplateDirs

Type: array

Default: ['resources']

Directory names which should be ignored when adding any shared templates to the documentation. By default the array contains known directory names which should be ignored.

`fonts`

fontsDir

Type: string

Default: 'fonts'

Name of the directory where your font files are kept.

`browserSync`

files

Type: array

Default: []

List of paths to watch for changes. Accepts globs.
proxy

Type: string

Default: ''

URL of local website instance.
reloadDebounce

Type: number

Default: 1000

Wait for a specified window of event-silence (in milliseconds) before sending any reload events.

`misc`

showFileSize

Type: boolean

Default: true

Should file sizes be displayed when a task is run?
showFiles

Type: boolean

Default: true

Should file names be displayed when a task is run?

`gulp`

changeEvent

Type: function

Event which fires when a file is modified.
onError

Type: function

Event which fires when an error occurs.

Other config

The following options are also present in the config but cannot be overridden.

isProduction

Type: boolean

Set to true when the --prod flag is passed.
isDev

Type: boolean

Set to the opposite value of isProduction.
lintModules

Type: boolean

When set to true, by setting the --lintModules flag when running the build, the build will also lint SCSS files within sub-dependencies. This is intended to help with local development when using dependency linking.

Path Builder

You can access the pathBuilder paths like this.

const { pathBuilder } = require('@justeat/gulp-build-fozzie');

gulp.task('scss', () => gulp.src(`${pathBuilder.scssSrcDir}/**`)

…

These are the paths which the pathBuilder object provides.

CSS

scssSrcDir

Default: 'src/scss'
cssDistDir

Default: 'dist/css'
jsSrcDir

Default: 'src/js'
jsDistDir

Default: 'dist/js'
imgSrcDir

Default: 'src/img'
imgDistDir

Default: 'dist/img'
importedAssetsDistDir

Default: 'dist/imported-assets'
swOutputPath

Default: '.'
swSrcDir

Default: 'src/sw'
swDistDir

Default: 'dist/sw'
docsSrcDir

Default: './docs/src'
docsDistDir

Default: './docs/dist'
docsTemplateDir

Default: './docs/src/templates'
docsDataDir

Default: './docs/src/data'
docsAssetsDistDir

Default: './docs/dist/assets/'
docsCssDistDir

Default: './docs/dist/assets/css'
docsJsDistDir

Default: './docs/dist/assets/js'
docsImgDistDir

Default: './docs/dist/assets/img'
fontsSrcDir

Default: 'src/fonts'
fontsDistDir

Default: 'dist/fonts'

Running the unit tests

To run the unit tests for the project run the yarn test script. To see the test coverage run the test:cover script.

gulp-build-fozzie's People

Contributors

gulp-build-fozzie's Issues

CVE-2018-19838 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2016-10540 High Severity Vulnerability detected by WhiteSource

CVE-2016-10540 - High Severity Vulnerability

Vulnerable Libraries - minimatch-2.0.10.tgz, minimatch-0.2.14.tgz

minimatch-2.0.10.tgz

a glob matcher in javascript

path: /tmp/git/gulp-build-fozzie/node_modules/gulp-filenames/node_modules/gulp/node_modules/vinyl-fs/node_modules/glob-stream/node_modules/minimatch/package.json

Library home page: http://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz

Dependency Hierarchy:

gulp-3.9.1.tgz (Root Library)
- vinyl-fs-0.3.14.tgz
  - glob-stream-3.1.18.tgz
    - ❌ minimatch-2.0.10.tgz (Vulnerable Library)

minimatch-0.2.14.tgz

a glob matcher in javascript

path: /tmp/git/gulp-build-fozzie/node_modules/gulp-filenames/node_modules/mocha/node_modules/glob/node_modules/minimatch/package.json

Library home page: http://registry.npmjs.org/minimatch/-/minimatch-0.2.14.tgz

Dependency Hierarchy:

gulp-3.9.1.tgz (Root Library)
- vinyl-fs-0.3.14.tgz
  - glob-watcher-0.0.6.tgz
    - gaze-0.5.2.tgz
      - globule-0.1.0.tgz
        
        ❌ minimatch-0.2.14.tgz (Vulnerable Library)

Vulnerability Details

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.

Publish Date: 2018-05-31

URL: CVE-2016-10540

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/118

Release Date: 2016-06-20

Fix Resolution: Update to version 3.0.2 or later.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 High Severity Vulnerability detected by WhiteSource

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 Medium Severity Vulnerability detected by WhiteSource

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 High Severity Vulnerability detected by WhiteSource

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11695 High Severity Vulnerability detected by WhiteSource

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2017-1000048 High Severity Vulnerability detected by WhiteSource

CVE-2017-1000048 - High Severity Vulnerability

Vulnerable Library - qs-6.2.3.tgz

A querystring parser that supports nesting and arrays, with a depth limit

path: /tmp/git/gulp-build-fozzie/node_modules/qs/package.json

Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz

Dependency Hierarchy:

browser-sync-2.26.3.tgz (Root Library)
- ❌ qs-6.2.3.tgz (Vulnerable Library)

Vulnerability Details

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

Publish Date: 2017-07-17

URL: CVE-2017-1000048

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: ljharb/qs@c709f6e

Release Date: 2017-03-06

Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 High Severity Vulnerability detected by WhiteSource

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0019 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

path: /tmp/git/gulp-build-fozzie/node_modules/base-runtimes/node_modules/braces/package.json

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Dependency Hierarchy:

browser-sync-2.26.3.tgz (Root Library)
- micromatch-2.3.11.tgz
  - ❌ braces-1.8.5.tgz (Vulnerable Library)

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19826 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 Medium Severity Vulnerability detected by WhiteSource

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11693 High Severity Vulnerability detected by WhiteSource

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 High Severity Vulnerability detected by WhiteSource

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource

WS-2018-0210 - Low Severity Vulnerability

Vulnerable Library - lodash-1.0.2.tgz

A utility library delivering consistency, customization, performance, and extras.

path: /tmp/git/gulp-build-fozzie/node_modules/gulp-filenames/node_modules/gulp/node_modules/vinyl-fs/node_modules/glob-watcher/node_modules/gaze/node_modules/globule/node_modules/lodash/package.json

Library home page: http://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz

Dependency Hierarchy:

gulp-3.9.1.tgz (Root Library)
- vinyl-fs-0.3.14.tgz
  - glob-watcher-0.0.6.tgz
    - gaze-0.5.2.tgz
      - globule-0.1.0.tgz
        
        ❌ lodash-1.0.2.tgz (Vulnerable Library)

Vulnerability Details

In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25

URL: WS-2018-0210

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: lodash/lodash@90e6199

Release Date: 2018-08-31

Fix Resolution: Replace or update the following files: lodash.js, test.js

Step up your Open Source Security Game with WhiteSource here

CVE-2018-16486 High Severity Vulnerability detected by WhiteSource

CVE-2018-16486 - High Severity Vulnerability

Vulnerable Library - defaults-deep-0.2.4.tgz

Like `extend` but recursively copies only the missing properties/values to the target object.

path: /tmp/git/gulp-build-fozzie/node_modules/defaults-deep/package.json

Library home page: https://registry.npmjs.org/defaults-deep/-/defaults-deep-0.2.4.tgz

Dependency Hierarchy:

assemble-0.24.3.tgz (Root Library)
- base-cli-process-0.1.19.tgz
  - base-pkg-0.2.5.tgz
    - expand-pkg-0.1.9.tgz
      - ❌ defaults-deep-0.2.4.tgz (Vulnerable Library)

Vulnerability Details

A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16486

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 Medium Severity Vulnerability detected by WhiteSource

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3721 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-3721 - Medium Severity Vulnerability

Vulnerable Library - lodash-1.0.2.tgz

A utility library delivering consistency, customization, performance, and extras.

path: /tmp/git/gulp-build-fozzie/node_modules/gulp-filenames/node_modules/gulp/node_modules/vinyl-fs/node_modules/glob-watcher/node_modules/gaze/node_modules/globule/node_modules/lodash/package.json

Library home page: http://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz

Dependency Hierarchy:

gulp-3.9.1.tgz (Root Library)
- vinyl-fs-0.3.14.tgz
  - glob-watcher-0.0.6.tgz
    - gaze-0.5.2.tgz
      - globule-0.1.0.tgz
        
        ❌ lodash-1.0.2.tgz (Vulnerable Library)

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Release Date: 2018-06-07

Fix Resolution: 4.17.5

Step up your Open Source Security Game with WhiteSource here

CVE-2018-16487 High Severity Vulnerability detected by WhiteSource

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Library - lodash-1.0.2.tgz

A utility library delivering consistency, customization, performance, and extras.

path: /tmp/git/gulp-build-fozzie/node_modules/gulp-filenames/node_modules/gulp/node_modules/vinyl-fs/node_modules/glob-watcher/node_modules/gaze/node_modules/globule/node_modules/lodash/package.json

Library home page: http://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz

Dependency Hierarchy:

gulp-3.9.1.tgz (Root Library)
- vinyl-fs-0.3.14.tgz
  - glob-watcher-0.0.6.tgz
    - gaze-0.5.2.tgz
      - globule-0.1.0.tgz
        
        ❌ lodash-1.0.2.tgz (Vulnerable Library)

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

WS-2018-0076 Medium Severity Vulnerability detected by WhiteSource

WS-2018-0076 - Medium Severity Vulnerability

Vulnerable Library - tunnel-agent-0.4.3.tgz

HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.

path: /tmp/git/gulp-build-fozzie/node_modules/caw/node_modules/tunnel-agent/package.json

Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz

Dependency Hierarchy:

gulp-imagemin-4.1.0.tgz (Root Library)
- imagemin-gifsicle-5.2.0.tgz
  - gifsicle-3.0.4.tgz
    - bin-build-2.2.0.tgz
      - download-4.4.3.tgz
        
        caw-1.2.0.tgz
        
        ❌ tunnel-agent-0.4.3.tgz (Vulnerable Library)

Vulnerability Details

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.

This is exploitable if user supplied input is provided to the auth value and is a number.

Publish Date: 2018-04-25

URL: WS-2018-0076

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/598

Release Date: 2018-01-27

Fix Resolution: 0.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 High Severity Vulnerability detected by WhiteSource

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/base.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operation.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.hpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/error_handling.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/emitter.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/output.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/paths.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_unification.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/json.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/units.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8/checked.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/listize.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/prelexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass2scss.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/eval.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/expand.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/factory.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/boolean.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/source_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/value.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/gulp-build-fozzie/node_modules/node-sass/src/callback_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/node.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/operators.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/parser.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/constants.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/list.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cssize.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/functions.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/util.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_function_bridge.cpp
/gulp-build-fozzie/node_modules/node-sass/src/custom_importer_bridge.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/bind.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/inspect.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/backtrace.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/extend.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debugger.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/cencode.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/number.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/color.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/c99func.c
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/position.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_values.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/values.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/null.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/ast.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/include/sass/context.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/color_maps.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_context_wrapper.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/script/test-leaks.pl
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/lexer.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_c.hpp
/gulp-build-fozzie/node_modules/node-sass/src/sass_types/map.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/to_value.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/b64/encode.h
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/file.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/environment.hpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/plugins.hpp
/gulp-build-fozzie/node_modules/node-sass/src/binding.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/sass_context.cpp
/gulp-build-fozzie/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

osgirl / gulp-build-fozzie Goto Github PK

gulp-build-fozzie's Introduction

gulp-build-fozzie 🐻

Contents

Setup

Optional setup

Transpile es2015 code

JavaScript Linting

CSS Linting

Config and pathBuilder

config object

pathBuilder object

The Gulp Tasks

css

scss:lint

css:lint

clean:css

css:bundle

scripts

scripts:lint

scripts:test

scripts:test:coverage

clean:scripts

scripts:bundle

logger:createFile

images

clean:images

images:optimise

images:svg-sprite

service-worker

service-worker:locate

service-worker:copy

service-worker:write

copy:js, copy:css, copy:img, copy:fonts & copy:docs

watch

watch:css

watch:scripts

watch:scripts:test

watch:images

watch:docs

watch:docs:templates

Development-only tasks

docs

docs:deploy

docs:release

clean:docs

copy:img:docs

browser-sync

browser-sync:docs

assemble

Config

webRootDir

assetSrcDir

assetDistDir

applyRevision

packageVersion

css

scssDir

cssDir

lintPaths

sourcemaps

usePackageVersion

js

files

srcPath

distFile

jsDir

lintPaths

usePackageVersion

stripDebug

Examples:

logger

dir

file

img

imgDir

svgSpriteFilename

importedAssets

importedAssetsSrcGlob

verbose

`config` object

`pathBuilder` object

`css`

`scss:lint`

`css:lint`

`clean:css`

`css:bundle`

`scripts`

`scripts:lint`

`scripts:test`

`scripts:test:coverage`

`clean:scripts`

`scripts:bundle`

`logger:createFile`

`images`

`clean:images`

`images:optimise`

`images:svg-sprite`

`service-worker`

`service-worker:locate`

`service-worker:copy`

`service-worker:write`

`copy:js`, `copy:css`, `copy:img`, `copy:fonts` & `copy:docs`

`watch`

`watch:css`

`watch:scripts`

`watch:scripts:test`

`watch:images`

`watch:docs`

`watch:docs:templates`

`docs`

`docs:deploy`

`docs:release`

`clean:docs`

`copy:img:docs`

`browser-sync`

`browser-sync:docs`

`assemble`

`webRootDir`

`assetSrcDir`

`assetDistDir`

`applyRevision`

`packageVersion`

`css`

`scssDir`

`cssDir`

`lintPaths`

`sourcemaps`

`usePackageVersion`

`js`

`files`

`srcPath`

`distFile`

`jsDir`

`lintPaths`

`usePackageVersion`

`stripDebug`

`logger`

`dir`

`file`

`img`

`imgDir`

`svgSpriteFilename`

`importedAssets`

`importedAssetsSrcGlob`

`verbose`

`sw`

`isEnabled`

`swDir`

`outputFile`

`staticFileGlobs`

`dynamicFileRegex`

`dynamicFileStrategy`

`importScripts`

`cacheId`

`copy`

`js`, `css` `img`, `fonts` & `docs`

`copy:assets`

`docs`

`rootDir`