cloudnetservice / website
Home Page: https://cloudnetservice.eu
License: Apache License 2.0
Lightweight, robust, elegant syntax highlighting. A spin-off project from Dabblet.
Library home page: https://registry.npmjs.org/prismjs/-/prismjs-1.24.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/prismjs/package.json
Found in base branch: development
prism is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-15
URL: CVE-2021-3801
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3801
Release Date: 2021-09-15
Fix Resolution (prismjs): 1.25.0
Direct dependency fix Resolution (@docusaurus/preset-classic): 2.0.0-beta.10
Step up your Open Source Security Game with Mend here
Vulnerabilities
DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):
Occurrences
debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
  └─ detect-port:1.3.0
    └─ debug:2.6.9
  └─ express:4.17.1
    └─ body-parser:1.19.0
      └─ debug:2.6.9
    └─ debug:2.6.9
    └─ finalhandler:1.1.2
      └─ debug:2.6.9
    └─ send:0.17.1
      └─ debug:2.6.9
  └─ react-dev-utils:11.0.4
    └─ detect-port-alt:1.1.6
      └─ debug:2.6.9
  └─ webpack:4.46.0
    └─ micromatch:3.1.10
      └─ extglob:2.0.4
        └─ expand-brackets:2.1.4
          └─ debug:2.6.9
      └─ snapdragon:0.8.2
        └─ debug:2.6.9
  └─ webpack-dev-server:3.11.2
    └─ compression:1.7.4
      └─ debug:2.6.9
    └─ serve-index:1.9.1
      └─ debug:2.6.9
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerabilities
DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):
Occurrences
kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ webpack:4.46.0
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ kind-of:5.1.0
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/glob-parent/package.json
Found in base branch: development
The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2021-06-22
URL: CVE-2021-35065
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-forge/package.json
Found in base branch: development
forge is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2022-01-06
URL: CVE-2022-0122
Type: Upgrade version
Origin: GHSA-gf8q-jrpm-jvxq
Release Date: 2022-01-06
Fix Resolution: node-forge - 1.0.0
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/normalize-url
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
Vulnerabilities
DepShield reports that this application's usage of lodash.flow:3.5.0 results in the following vulnerability(s):
Occurrences
lodash.flow:3.5.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/preset-classic:2.0.0-alpha.74
└─ @docusaurus/plugin-debug:2.0.0-alpha.74
└─ react-json-view:1.21.3
└─ react-base16-styling:0.6.0
└─ lodash.flow:3.5.0
Vulnerabilities
DepShield reports that this application's usage of lodash.pick:4.4.0 results in the following vulnerability(s):
Occurrences
lodash.pick:4.4.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.pick:4.4.0
Vulnerabilities
DepShield reports that this application's usage of ini:1.3.8 results in the following vulnerability(s):
Occurrences
ini:1.3.8 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
  └─ react-dev-utils:11.0.4
    └─ global-modules:2.0.0
      └─ global-prefix:3.0.0
        └─ ini:1.3.8
  └─ update-notifier:5.1.0
    └─ latest-version:5.1.0
      └─ package-json:6.5.0
        └─ registry-auth-token:4.2.1
          └─ rc:1.2.8
            └─ ini:1.3.8
a CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/css-what/package.json
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has linear time complexity relative to the size of the input. Note that the version flagged here (css-what 3.4.2) lies outside the range named in that description, so confirm the finding against the advisory's affected-version range before treating the upgrade as required.
Publish Date: 2021-05-28
URL: CVE-2021-33587
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587
Release Date: 2021-05-28
Fix Resolution: css-what - 5.0.1
Vulnerabilities
DepShield reports that this application's usage of lodash.bind:4.2.1 results in the following vulnerability(s):
Occurrences
lodash.bind:4.2.1 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.bind:4.2.1
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/glob-parent/package.json
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in an enclosure containing a path separator is vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2021-06-03
URL: CVE-2020-28469
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/trim/package.json
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
All versions of package trim (as of the publish date) are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Type: Upgrade version
Release Date: 2020-10-27
Fix Resolution (trim): 0.0.3
Direct dependency fix Resolution (eslint-plugin-mdx): 2.0.0-next.0
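The quadratic regex behind this finding, next to a linear-time replacement, as an added example that is not code from the trim package, the scanner, or this project. The one-line vulnerable implementation is reproduced from trim 0.0.1; trimLinear, isWhitespace, redosPayload and timeMs are this example's own names, and the payload is constructed here. The same shape (a greedy quantifier followed by an anchor that fails, forcing backtracking at every start position inside the run) is the general form of the other ReDoS findings on this page.

```javascript
// Added example, not code from trim, the scanner, or this project.
// trim 0.0.1 strips whitespace with a single regex:  str.replace(/^\s*|\s*$/g, "")
// The second alternative, \s*$, is attempted at every position inside a run of
// whitespace that is not at the end of the string. Each attempt matches the run
// greedily, fails at $, and backtracks one character at a time, so a run of n
// characters costs about n*n/2 steps: enough to stall a Node event loop.

// Vulnerable shape, reproduced from trim 0.0.1.
function trimQuadratic(str) {
  return str.replace(/^\s*|\s*$/g, "");
}

// Linear-time replacement: scan inward from both ends, no regex, no backtracking.
function trimLinear(str) {
  let start = 0;
  let end = str.length;
  while (start < end && isWhitespace(str.charCodeAt(start))) start++;
  while (end > start && isWhitespace(str.charCodeAt(end - 1))) end--;
  return str.slice(start, end);
}

// Exactly the code points JavaScript's \s matches (ECMAScript WhiteSpace and
// LineTerminator: TAB..CR, space, NBSP, U+1680, U+2000..U+200A, U+2028, U+2029,
// U+202F, U+205F, U+3000, BOM), so both trims agree on every input.
function isWhitespace(code) {
  return (
    (code >= 0x09 && code <= 0x0d) || code === 0x20 || code === 0xa0 ||
    code === 0x1680 || (code >= 0x2000 && code <= 0x200a) ||
    code === 0x2028 || code === 0x2029 || code === 0x202f ||
    code === 0x205f || code === 0x3000 || code === 0xfeff
  );
}

// Constructed ReDoS payload: a long run of spaces that neither starts nor ends
// the string. Leading whitespace is consumed in one step by ^\s*, so the run
// has to sit in the middle for \s*$ to do the quadratic work.
function redosPayload(n) {
  return "x" + " ".repeat(n) + "y";
}

// Wall-clock milliseconds for one call; used only to show the growth curve.
function timeMs(fn, input) {
  const t0 = process.hrtime.bigint();
  fn(input);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Doubling n roughly quadruples the regex time while trimLinear stays proportional.
if (typeof require !== "undefined" && require.main === module) {
  for (const n of [5000, 10000, 20000]) {
    console.log(
      `n=${n}  regex: ${timeMs(trimQuadratic, redosPayload(n)).toFixed(1)} ms` +
      `  linear: ${timeMs(trimLinear, redosPayload(n)).toFixed(2)} ms`
    );
  }
}
```

Run the file directly to see the timings; the point of the scanner-style replacement is not that a regex is forbidden, but that whitespace stripping never needs one with a backtracking quantifier at an anchored end.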
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-forge/package.json
Found in base branch: development
The forge.debug API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.
Publish Date: 2022-01-08
URL: WS-2022-0008
Type: Upgrade version
Origin: GHSA-5rrq-pxf6-6jx5
Release Date: 2022-01-08
Fix Resolution: node-forge - 1.0.0
An abstract-encoding compliant module for encoding / decoding DNS packets
Library home page: https://registry.npmjs.org/dns-packet/-/dns-packet-1.3.1.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/dns-packet
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
Publish Date: 2021-05-20
URL: CVE-2021-23386
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23386
Release Date: 2021-05-20
Fix Resolution: dns-packet - 5.2.2
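The bug class this advisory describes, as an added example that is not dns-packet's code or this project's: an encoder that sizes its output buffer from the raw name, writes fewer bytes when the name contains an empty label, and hands the whole Buffer.allocUnsafe allocation to the caller, beside a hardened encoder. encodeNameUnsafe, encodeNameSafe and leakedTailLength are hypothetical names, and the specific mismatch (sizing by string length while skipping empty labels) is a simplification chosen to reproduce the effect, not a claim about dns-packet's actual source.

```javascript
// Added example, not dns-packet's code or this project's.
// Bug class from the advisory: the output buffer is sized one way, filled another,
// and comes from Buffer.allocUnsafe, so whatever the process last left in that
// memory fills the gap and is sent over the wire.

// Hypothetical encoder in the vulnerable style. Sizes the buffer from the raw
// string, but skips empty labels while writing, so "a..b" writes fewer bytes
// than it allocated. Returns the buffer and the byte count actually written.
function encodeNameUnsafe(name) {
  const buf = Buffer.allocUnsafe(Buffer.byteLength(name) + 2); // not zero-filled
  let offset = 0;
  for (const label of name.split(".")) {
    if (label.length === 0) continue;               // shrinks the output...
    offset = buf.writeUInt8(Buffer.byteLength(label), offset);
    offset += buf.write(label, offset);
  }
  offset = buf.writeUInt8(0, offset);               // root label terminator
  return { buf, written: offset };                  // ...but buf.length does not shrink
}

// Bytes past `written` that would leave the process with the packet. Anything
// above zero is uninitialised memory handed out by allocUnsafe.
function leakedTailLength(result) {
  return result.buf.length - result.written;
}

// Hardened encoder: reject what RFC 1035 does not allow (empty or over-long
// labels, names over 255 octets), zero-fill the allocation, and return only
// the bytes that were actually written.
function encodeNameSafe(name) {
  const labels = name === "" || name === "." ? [] : name.split(".");
  if (labels.length > 1 && labels[labels.length - 1] === "") labels.pop(); // FQDN dot
  let total = 1;                                    // terminator
  for (const label of labels) {
    const len = Buffer.byteLength(label);
    if (len === 0) throw new RangeError("empty label in " + JSON.stringify(name));
    if (len > 63) throw new RangeError("label longer than 63 octets");
    total += 1 + len;
  }
  if (total > 255) throw new RangeError("name longer than 255 octets");
  const buf = Buffer.alloc(total);                  // zero-filled
  let offset = 0;
  for (const label of labels) {
    offset = buf.writeUInt8(Buffer.byteLength(label), offset);
    offset += buf.write(label, offset);
  }
  offset = buf.writeUInt8(0, offset);
  return buf.subarray(0, offset);                   // exactly what was written
}
```

Two independent fixes are shown on purpose: validating input closes the size mismatch, and Buffer.alloc plus a subarray of the written range means that even a future mismatch cannot leak memory. Either alone would have closed this report; both together are what a reviewer should expect in a network encoder.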
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.5.1.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/url-parse/package.json
Found in HEAD commit: 2b2b277f6943a3d596606e9558b19fe6aaef3f58
Found in base branch: development
url-parse is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2021-07-26
URL: CVE-2021-3664
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3664
Release Date: 2021-07-26
Fix Resolution: url-parse - 1.5.2
Vulnerabilities
DepShield reports that this application's usage of lodash.debounce:4.0.8 results in the following vulnerability(s):
Occurrences
lodash.debounce:4.0.8 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @babel/plugin-transform-runtime:7.13.15
└─ babel-plugin-polyfill-corejs2:0.2.0
└─ @babel/helper-define-polyfill-provider:0.2.0
└─ lodash.debounce:4.0.8
Vulnerabilities
DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):
Occurrences
q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @svgr/webpack:5.5.0
└─ @svgr/plugin-svgo:5.5.0
└─ svgo:1.3.2
└─ coa:2.0.2
└─ q:1.5.1
Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.21.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Found in base branch: development
axios is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-08-31
URL: CVE-2021-3749
Type: Upgrade version
Origin: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
Release Date: 2021-08-31
Fix Resolution: axios - 0.21.2
Vulnerabilities
DepShield reports that this application's usage of lodash.toarray:4.4.0 results in the following vulnerability(s):
Occurrences
lodash.toarray:4.4.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/preset-classic:2.0.0-alpha.74
└─ @docusaurus/plugin-content-blog:2.0.0-alpha.74
└─ @docusaurus/mdx-loader:2.0.0-alpha.74
└─ remark-emoji:2.2.0
└─ node-emoji:1.10.0
└─ lodash.toarray:4.4.0
Vulnerabilities
DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):
Occurrences
kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ react-dev-utils:11.0.4
└─ fork-ts-checker-webpack-plugin:4.1.6
└─ micromatch:3.1.10
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ webpack:4.46.0
└─ watchpack:1.7.5
└─ watchpack-chokidar2:2.0.1
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ has-value:1.0.0
└─ has-values:1.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ to-object-path:0.3.0
└─ kind-of:3.2.2
└─ class-utils:0.3.6
└─ static-extend:0.1.2
└─ object-copy:0.1.0
└─ kind-of:3.2.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ is-accessor-descriptor:0.1.6
└─ kind-of:3.2.2
└─ is-data-descriptor:0.1.4
└─ kind-of:3.2.2
└─ braces:2.3.2
└─ snapdragon-node:2.1.1
└─ snapdragon-util:3.0.1
└─ kind-of:3.2.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ webpack-dev-server:3.11.2
└─ http-proxy-middleware:0.19.1
└─ micromatch:3.1.10
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-7.4.5.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/ws
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-6.2.1.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/ws
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-WebSocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (websockets/ws@00c425e). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.
Publish Date: 2021-05-25
URL: CVE-2021-32640
Type: Upgrade version
Origin: GHSA-6fc8-4gx4-v693
Release Date: 2021-05-25
Fix Resolution: ws - 7.4.6
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.14.2.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/browserslist/package.json
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Vulnerabilities
DepShield reports that this application's usage of lodash.some:4.6.0 results in the following vulnerability(s):
Occurrences
lodash.some:4.6.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.some:4.6.0
Lightweight, robust, elegant syntax highlighting. A spin-off project from Dabblet.
Library home page: https://registry.npmjs.org/prismjs/-/prismjs-1.23.0.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/prismjs
Found in base branch: development
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that takes a very long time to highlight. This problem has been fixed in Prism v1.24.0. As a workaround, do not use AsciiDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.
Publish Date: 2021-06-28
URL: CVE-2021-32723
Type: Upgrade version
Origin: GHSA-gj77-59wh-66hg
Release Date: 2021-06-28
Fix Resolution: prismjs - 1.24.0
Vulnerabilities
DepShield reports that this application's usage of lodash.foreach:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.foreach:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.foreach:4.5.0
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/glob-parent
Found in base branch: development
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
Vulnerabilities
DepShield reports that this application's usage of lodash.map:4.6.0 results in the following vulnerability(s):
Occurrences
lodash.map:4.6.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.map:4.6.0
Vulnerabilities
DepShield reports that this application's usage of lodash.filter:4.6.0 results in the following vulnerability(s):
Occurrences
lodash.filter:4.6.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.filter:4.6.0
Create your next immutable state by mutating the current one
Library home page: https://registry.npmjs.org/immer/-/immer-8.0.1.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/immer/package.json
Found in base branch: development
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different types, while property access coerces the array to the string "__proto__".
Publish Date: 2021-09-01
URL: CVE-2021-23436
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23436
Release Date: 2021-09-01
Fix Resolution: immer - 9.0.6
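The bypass the description spells out, as an added example that is not immer's code or this project's: applyPatchNaive is a simplified patch applier (hypothetical, not applyPatches_ itself) carrying the strict-equality key check quoted in the advisory, applyPatchSafe is a hardened form, and demonstrateBypass / hardenedRejects run the constructed array-key payload against each.

```javascript
// Added example, not immer's code or this project's.
// Why a strict-equality key check is bypassed by array-valued keys, and a check
// that survives the coercion.

// Vulnerable shape, modelled on the condition quoted in the advisory. A patch
// path is walked with plain property access, guarded only by
// `p === "__proto__" || p === "constructor"`.
function applyPatchNaive(base, patch) {
  let target = base;
  const path = patch.path;
  for (let i = 0; i < path.length; i++) {
    const p = path[i];
    if (p === "__proto__" || p === "constructor") throw new Error("forbidden key");
    if (i === path.length - 1) {
      target[p] = patch.value;
    } else {
      target = target[p];         // p = ["__proto__"] is coerced to "__proto__" here
    }
  }
  return base;
}

// Hardened: accept only string or integer keys, normalise to a string before
// comparing, refuse the dangerous names, and never walk into inherited properties.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);
function applyPatchSafe(base, patch) {
  let target = base;
  const path = patch.path;
  for (let i = 0; i < path.length; i++) {
    const p = path[i];
    if (typeof p !== "string" && !(typeof p === "number" && Number.isInteger(p))) {
      throw new TypeError("path element must be a string or integer, got " + typeof p);
    }
    const key = String(p);
    if (FORBIDDEN.has(key)) throw new Error("forbidden key " + key);
    if (i === path.length - 1) {
      target[key] = patch.value;
    } else {
      if (!Object.prototype.hasOwnProperty.call(target, key)) {
        throw new Error("path does not exist: " + key);
      }
      target = target[key];
    }
  }
  return base;
}

// Constructed payload from the advisory's description: the first key is an
// array, so === against the string "__proto__" is false.
const bypass = { path: [["__proto__"], "polluted"], value: true };

// Runs the naive applier against the payload, reports whether Object.prototype
// was polluted (an unrelated object now "has" the key), then cleans up so the
// rest of the process is unaffected.
function demonstrateBypass() {
  const probe = {};
  try {
    applyPatchNaive({}, bypass);
    return probe.polluted === true;
  } finally {
    delete Object.prototype.polluted;
  }
}

// The hardened applier rejects the same payload before any property access.
function hardenedRejects() {
  try {
    applyPatchSafe({}, bypass);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```

The type check is the part that matters: comparing after String(p) alone would still accept an array and merely block it, whereas rejecting non-string, non-integer keys removes the whole class of coercion tricks from the input space.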
Vulnerabilities
DepShield reports that this application's usage of lodash.reduce:4.6.0 results in the following vulnerability(s):
Occurrences
lodash.reduce:4.6.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.reduce:4.6.0
The project could not be analyzed because of build errors. Please review the error messages here. Another build will be scheduled when a change to a manifest file* occurs. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
* Supported manifest files are: pom.xml, package.json, package-lock.json, npm-shrinkwrap.json, Cargo.lock, Cargo.toml, main.rs, lib.rs, build.gradle, build.gradle.kts, settings.gradle, settings.gradle.kts, gradle.properties, gradle-wrapper.properties, go.mod, go.sum
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/path-parse
Found in HEAD commit: 3311ea7d24513020d38449a1169a68ad84daa95e
Found in base branch: development
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Type: Upgrade version
Origin: jbgutierrez/path-parse#8
Release Date: 2021-05-04
Fix Resolution: path-parse - 1.0.7
HTTP and HTTPS modules that follow redirects.
Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/follow-redirects/package.json
Found in base branch: development
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Publish Date: 2022-01-10
URL: CVE-2022-0155
Type: Upgrade version
Origin: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/
Release Date: 2022-01-10
Fix Resolution: follow-redirects - v1.14.7
Vulnerabilities
DepShield reports that this application's usage of lodash.flatten:4.4.0 results in the following vulnerability(s):
Occurrences
lodash.flatten:4.4.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.flatten:4.4.0
We want to finally implement translations of our English pages in German.
Therefore, the following steps are needed before we are able to use the CrowdIn integration:
I hope I did not forget anything; I might edit this issue in the future. It is mainly intended to keep a record of how far we are. I will create the branch to begin with the work as soon as possible.
Vulnerabilities
DepShield reports that this application's usage of lodash.assignin:4.2.0 results in the following vulnerability(s):
Occurrences
lodash.assignin:4.2.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.assignin:4.2.0
Create your next immutable state by mutating the current one
Library home page: https://registry.npmjs.org/immer/-/immer-8.0.1.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/immer/package.json
Found in base branch: development
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Publish Date: 2021-09-02
URL: CVE-2021-3757
Type: Upgrade version
Origin: https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa/
Release Date: 2021-09-02
Fix Resolution: immer - 9.0.6
An elegant lib that converts the chalked (ANSI) text to HTML.
Library home page: https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz
Path to dependency file: website/package.json
Path to vulnerable library: website/node_modules/ansi-html/package.json
Found in base branch: development
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Publish Date: 2021-08-18
URL: CVE-2021-23424
Vulnerabilities
DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):
Occurrences
express:4.17.1 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
  └─ express:4.17.1
  └─ webpack-dev-server:3.11.2
    └─ express:4.17.1
• @docusaurus/plugin-client-redirects:2.0.0-alpha.75
  └─ @docusaurus/core:2.0.0-alpha.75
    └─ express:4.17.1
Vulnerabilities
DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @docusaurus/cssnano-preset:2.0.0-alpha.74
└─ cssnano-preset-advanced:4.0.8
└─ cssnano-preset-default:4.0.8
└─ postcss-merge-rules:4.0.3
└─ caniuse-api:3.0.0
└─ lodash.uniq:4.5.0
• @docusaurus/preset-classic:2.0.0-alpha.74
└─ @docusaurus/theme-classic:2.0.0-alpha.74
└─ @mdx-js/mdx:1.6.22
└─ lodash.uniq:4.5.0
Vulnerabilities
DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):
Occurrences
kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ webpack:4.46.0
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ has-value:1.0.0
└─ has-values:1.0.0
└─ kind-of:4.0.0
performant nth-check parser & compiler
Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/nth-check/package.json
Parses and compiles CSS nth-checks to highly optimized functions.
Library home page: https://registry.npmjs.org/nth-check/-/nth-check-2.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/nth-check/package.json
Dependency Hierarchy:
Found in base branch: development
nth-check is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3803
Base Score Metrics:
Vulnerabilities
DepShield reports that this application's usage of lodash.reject:4.6.0 results in the following vulnerability(s):
Occurrences
lodash.reject:4.6.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.reject:4.6.0
Vulnerabilities
DepShield reports that this application's usage of lodash.curry:4.1.1 results in the following vulnerability(s):
Occurrences
lodash.curry:4.1.1 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/preset-classic:2.0.0-alpha.74
└─ @docusaurus/plugin-debug:2.0.0-alpha.74
└─ react-json-view:1.21.3
└─ react-base16-styling:0.6.0
└─ lodash.curry:4.1.1
Vulnerabilities
DepShield reports that this application's usage of http-proxy:1.18.1 results in the following vulnerability(s):
Occurrences
http-proxy:1.18.1 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ webpack-dev-server:3.11.2
└─ http-proxy-middleware:0.19.1
└─ http-proxy:1.18.1
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in base branch: development
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1, 6.0.1
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: development
In node-forge before 1.0.0, the regex used for the forge.util.parseUrl API would not properly parse certain inputs, resulting in a parsed data structure that could lead to undesired behavior.
Publish Date: 2022-01-08
URL: WS-2022-0007
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-gf8q-jrpm-jvxq
Release Date: 2022-01-08
Fix Resolution: node-forge - 1.0.0
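The reports above give a fix version per major line (ansi-regex 5.0.1 and 6.0.1 for CVE-2021-3807, node-forge 1.0.0 for WS-2022-0007) but leave the reader to work out which installed copies are actually below those lines. The Node.js script below is an added example, not code from the Mend or DepShield reports nor from the CloudNet website project: it walks a package-lock.json (lockfileVersion 2 or 3, where the "packages" map is keyed by install path), lists every nested copy of the advisory's package, names the top-level package that pulled it in, and flags copies that have not reached a fixed release. The sample lockfile, the helper names (compareSemver, isFixed, findCopies, audit) and the "one fix release per major line" reading of the advisory are assumptions of this example, not the page's.

```javascript
'use strict';
// Added example (not from the Mend/DepShield reports or the CloudNet project):
// audit a package-lock.json for installed copies of a package that sit below
// an advisory's fix versions. Runs stand-alone on the constructed sample lock.

// Numeric compare of "major.minor.patch"; returns -1, 0 or 1. A pre-release
// suffix such as "-alpha.74" is dropped, so 2.0.0-alpha.74 compares equal to
// 2.0.0 (a deliberate simplification, documented here).
function compareSemver(a, b) {
  const parse = v => v.split('-')[0].split('.').map(Number);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A fix list such as "5.0.1, 6.0.1" names one patched release per major line.
// A copy is fixed if it is at or above the fix release of its own major line,
// or if its major line is newer than every fix release. An older major line
// (4.1.0 here) has no patched release and must be upgraded across majors.
function isFixed(installed, fixVersions) {
  const major = v => Number(v.split('.')[0]);
  const sameMajor = fixVersions.filter(f => major(f) === major(installed));
  if (sameMajor.length > 0) {
    return sameMajor.some(f => compareSemver(installed, f) >= 0);
  }
  return fixVersions.every(f => major(installed) > major(f));
}

// Keys in lock.packages look like "node_modules/a/node_modules/b". Splitting
// on "node_modules/" yields the nesting chain; its first element is the
// package that introduced the copy, and a one-element chain means the copy
// was hoisted to the root, so the lock path alone does not say who needs it.
function findCopies(lock, name, fixVersions) {
  const results = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (!key || !meta || !meta.version) continue; // "" is the root project
    const chain = key.split('node_modules/').filter(Boolean)
      .map(s => s.replace(/\/$/, ''));
    if (chain[chain.length - 1] !== name) continue;
    results.push({
      path: key,
      version: meta.version,
      introducedVia: chain.length > 1 ? chain[0] : '(hoisted to root)',
      fixed: isFixed(meta.version, fixVersions),
    });
  }
  return results;
}

// Returns only the copies that still carry the bug, tagged with the advisory id.
function audit(lock, advisories) {
  const findings = [];
  for (const adv of advisories) {
    for (const copy of findCopies(lock, adv.name, adv.fixVersions)) {
      if (!copy.fixed) findings.push({ id: adv.id, ...copy });
    }
  }
  return findings;
}

// Constructed sample lock (the site's real lockfile is not on this page).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'website', version: '0.0.0' },
    'node_modules/ansi-regex': { version: '5.0.0' },
    'node_modules/string-width': { version: '4.2.0' },
    'node_modules/string-width/node_modules/ansi-regex': { version: '4.1.0' },
    'node_modules/strip-ansi': { version: '7.0.0' },
    'node_modules/strip-ansi/node_modules/ansi-regex': { version: '6.0.1' },
    'node_modules/selfsigned': { version: '1.10.11' },
    'node_modules/selfsigned/node_modules/node-forge': { version: '0.10.0' },
  },
};

// Fix versions as listed in the two Mend reports above.
const ADVISORIES = [
  { name: 'ansi-regex', id: 'CVE-2021-3807', fixVersions: ['5.0.1', '6.0.1'] },
  { name: 'node-forge', id: 'WS-2022-0007', fixVersions: ['1.0.0'] },
];

for (const f of audit(SAMPLE_LOCK, ADVISORIES)) {
  console.log(`${f.id}: ${f.path} is ${f.version} (introduced via ${f.introducedVia})`);
}
```

To run this against a real project, replace SAMPLE_LOCK with `JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'))`. Once the offending copies are known, the remediation the reports call "Upgrade version" is either bumping the direct dependency that introduces them or, where no upstream release exists yet, pinning the transitive with an `overrides` entry in package.json (npm 8.3 and later) or a `resolutions` entry under Yarn; rerunning the audit afterwards confirms every copy has reached a fixed release.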
Vulnerabilities
DepShield reports that this application's usage of lodash.defaults:4.2.0 results in the following vulnerability(s):
Occurrences
lodash.defaults:4.2.0 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @endiliey/static-site-generator-webpack-plugin:4.0.0
└─ cheerio:0.22.0
└─ lodash.defaults:4.2.0
Vulnerabilities
DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):
Occurrences
lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):
• @docusaurus/core:2.0.0-alpha.74
└─ @docusaurus/cssnano-preset:2.0.0-alpha.74
└─ cssnano-preset-advanced:4.0.8
└─ cssnano-preset-default:4.0.8
└─ postcss-merge-rules:4.0.3
└─ caniuse-api:3.0.0
└─ lodash.memoize:4.1.2