Giter Club home page Giter Club logo

signin-signup's Introduction

Hey there

Yash's LinkdeIN Yash's Email Yash Handa | Twitter Yash's Telegram


Hi, I'm Yash Handa, a Full Stack Developer ๐Ÿš€ from India, currently, I'm looking for NEW OPPORTUNITIES and have previously worked as a Golang Developer ๐Ÿ™๐Ÿฝโ€โ™‚๏ธ @wednesday-solutions, Core collaborator ๐Ÿ‘จ๐Ÿฝโ€๐Ÿ’ผ@Node.js, One of the maintainer of DOM @WHATWG, and a member of @GDG Cloud New Delhi. Beside's programming, I enjoy traveling and reading.

GIF

Talking about Personal Stuffs:

  • ๐Ÿ‘จ๐Ÿฝโ€๐Ÿ’ป Iโ€™m currently working on something cool ๐Ÿ˜‰;
  • ๐ŸŒฑ Iโ€™m currently practicing Golang and Micro Services;
  • ๐Ÿ’ฌ Ask me about anything, I am happy to help;
  • ๐Ÿ“ซ How to reach me: @yashHanda98;
  • ๐Ÿ“Resume

Languages and Tools:

Languages: Go JavaScript C++

Stats

Web Front End: React CSS3 Webpack Gatsby

Back End: Node.js Redis Kafka RabbitMQ Go-Gin Apollo

Databases: PostgreSQL MySQL MongoDB

APIs: GraphQL gRPC Rest

Dev-Ops (in progress): Docker Kubernetes Git Linux Bash

signin-signup's People

Contributors

codacy-badger avatar dependabot-support avatar imgbotapp avatar yash-handa avatar

Watchers

avatar

signin-signup's Issues

WS-2019-0032 (Medium) detected in js-yaml-3.12.2.tgz

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Path to dependency file: /SignIn-SignUp/package.json

Path to vulnerable library: /tmp/git/SignIn-SignUp/node_modules/js-yaml/package.json

Dependency Hierarchy:

  • eslint-5.15.1.tgz (Root Library)
    • โŒ js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 8bae3bfcf29c1107482dfc83725d06fdcb065f5d

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0064 (High) detected in handlebars-4.0.5.tgz

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-4.0.5.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz

Path to dependency file: /SignIn-SignUp/package.json

Path to vulnerable library: /tmp/git/SignIn-SignUp/node_modules/handlebars/package.json

Dependency Hierarchy:

  • hbs-4.0.1.tgz (Root Library)
    • โŒ handlebars-4.0.5.tgz (Vulnerable Library)

Found in HEAD commit: 8bae3bfcf29c1107482dfc83725d06fdcb065f5d

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-04-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Step up your Open Source Security Game with WhiteSource here

WS-2019-0063 (High) detected in js-yaml-3.12.2.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Path to dependency file: /SignIn-SignUp/package.json

Path to vulnerable library: /tmp/git/SignIn-SignUp/node_modules/js-yaml/package.json

Dependency Hierarchy:

  • eslint-5.15.1.tgz (Root Library)
    • โŒ js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 8bae3bfcf29c1107482dfc83725d06fdcb065f5d

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

WS-2019-0047 (Medium) detected in tar-4.4.1.tgz

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-4.4.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-4.4.1.tgz

Dependency Hierarchy:

  • eslint-watch-4.0.2.tgz (Root Library)
    • chokidar-2.0.4.tgz
      • fsevents-1.2.4.tgz
        • node-pre-gyp-0.10.0.tgz
          • โŒ tar-4.4.1.tgz (Vulnerable Library)

Found in HEAD commit: 8bae3bfcf29c1107482dfc83725d06fdcb065f5d

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz

CVE-2019-10742 - Medium Severity Vulnerability

Vulnerable Library - axios-0.17.1.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.17.1.tgz

Path to dependency file: /SignIn-SignUp/package.json

Path to vulnerable library: /tmp/git/SignIn-SignUp/node_modules/axios/package.json

Dependency Hierarchy:

  • localtunnel-1.9.1.tgz (Root Library)
    • โŒ axios-0.17.1.tgz (Vulnerable Library)

Found in HEAD commit: ded17e97eeafc2240b02cf0231efb5073700786d

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.