Giter Club home page Giter Club logo

next-tour-2018's Introduction

Nutanix .Next on Tour App site (2018 Edition)

A simple website in node js to demonstrate Calm blueprint.

Setup

npm i
npm run build
npm start

# development mode (watches for source changes)
npm run watch

next-tour-2018's People

Contributors

tuxtof avatar bengourley avatar acosteseque avatar sthiramany avatar

Watchers

avatar James Cloos avatar avatar avatar

Forkers

jpraveleau2 pmdiallo jlnmoulin thegrelot

next-tour-2018's Issues

WS-2018-0068 High Severity Vulnerability detected by WhiteSource

WS-2018-0068 - High Severity Vulnerability

Vulnerable Library - constantinople-3.0.2.tgz

Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)

path: /next-tour-2018/node_modules/constantinople/package.json

Library home page: http://registry.npmjs.org/constantinople/-/constantinople-3.0.2.tgz

Dependency Hierarchy:

  • constantinople-3.0.2.tgz (Vulnerable Library)

Vulnerability Details

Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.

Publish Date: 2018-04-21

URL: WS-2018-0068

CVSS 2 Score Details (10.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

WS-2015-0024 High Severity Vulnerability detected by WhiteSource

WS-2015-0024 - High Severity Vulnerability

Vulnerable Library - uglify-js-2.2.5.tgz

JavaScript parser, mangler/compressor and beautifier toolkit

path: /next-tour-2018/node_modules/transformers/node_modules/uglify-js/package.json

Library home page: http://registry.npmjs.org/uglify-js/-/uglify-js-2.2.5.tgz

Dependency Hierarchy:

  • uglify-js-2.2.5.tgz (Vulnerable Library)

Vulnerability Details

UglifyJS versions 2.4.23 and earlier are affected by a vulnerability which allows a specially crafted Javascript file to have altered functionality after minification.

Publish Date: 2015-08-24

URL: WS-2015-0024

CVSS 2 Score Details (8.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/39

Release Date: 2015-08-24

Fix Resolution: Upgrade UglifyJS to version >= 2.4.24.

Step up your Open Source Security Game with WhiteSource here

WS-2015-0017 Medium Severity Vulnerability detected by WhiteSource

WS-2015-0017 - Medium Severity Vulnerability

Vulnerable Library - uglify-js-2.2.5.tgz

JavaScript parser, mangler/compressor and beautifier toolkit

path: /next-tour-2018/node_modules/transformers/node_modules/uglify-js/package.json

Library home page: http://registry.npmjs.org/uglify-js/-/uglify-js-2.2.5.tgz

Dependency Hierarchy:

  • uglify-js-2.2.5.tgz (Vulnerable Library)

Vulnerability Details

Uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input is passed into .parse().

Publish Date: 2015-10-24

URL: WS-2015-0017

CVSS 2 Score Details (5.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/48

Release Date: 2015-10-24

Fix Resolution: Update to version 2.6.0 or later

Step up your Open Source Security Game with WhiteSource here

CVE-2016-10540 High Severity Vulnerability detected by WhiteSource

CVE-2016-10540 - High Severity Vulnerability

Vulnerable Library - minimatch-0.3.0.tgz

a glob matcher in javascript

path: /next-tour-2018/node_modules/glob/node_modules/minimatch/package.json

Library home page: http://registry.npmjs.org/minimatch/-/minimatch-0.3.0.tgz

Dependency Hierarchy:

  • minimatch-0.3.0.tgz (Vulnerable Library)

Vulnerability Details

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern) in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter.

Publish Date: 2018-05-31

URL: CVE-2016-10540

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/118

Release Date: 2016-06-20

Fix Resolution: Update to version 3.0.2 or later.

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.