This project forked from blackboard/blackboard.github.io
This repository is the home for Blackboard developer documentation.
Home Page: https://community.blackboard.com/developers
License: MIT License
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-for-github-com[bot] avatar](https://avatars.githubusercontent.com/in/30796?v=4 "mend-for-github-com[bot]")
Vulnerable Library - ejs-2.6.2.tgzEmbedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.6.2.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Publish Date: 2022-04-25
URL: CVE-2022-29078
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29078~
Release Date: 2022-04-25
Fix Resolution: 3.1.7
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - commonmarker-0.17.13.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of > or - characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.
Publish Date: 2023-03-31
URL: CVE-2023-24824
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-03-31
Fix Resolution: commonmarker - 0.23.9
Vulnerable Library - tzinfo-1.2.8.gemTZInfo provides daylight savings aware transformations between times in different time zones.
Library home page: https://rubygems.org/gems/tzinfo-1.2.8.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /ms/2.5.0/cache/tzinfo-1.2.8.gem
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with require on demand. In the affected versions, TZInfo::Timezone.get fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, TZInfo::Timezone.get can be made to load unintended files with require, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of tzinfo/definition within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z.
Publish Date: 2022-07-22
URL: CVE-2022-31163
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-5cm2-9h8c-rvfx
Release Date: 2022-07-22
Fix Resolution: tzinfo - 0.3.61,1.2.10
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - lodash-4.17.15.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/lodash/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.
Publish Date: 2021-02-15
URL: CVE-2020-28500
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - addressable-2.7.0.gemAddressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. It is flexible, offers heuristic parsing, and additionally provides extensive support for IRIs and URI templates.
Library home page: https://rubygems.org/gems/addressable-2.7.0.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.5.0/cache/addressable-2.7.0.gem
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.
Publish Date: 2021-07-06
URL: CVE-2021-32740
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-jxhc-q857-3j6g
Release Date: 2021-07-06
Fix Resolution: addressable - 2.8.0
Vulnerable Library - node-fetch-2.6.0.tgzA light-weight module that brings window.fetch to node.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/node-fetch/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/node-fetch/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.
Publish Date: 2020-09-10
URL: CVE-2020-15168
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-w7rc-rwvf-8q5r
Release Date: 2020-09-17
Fix Resolution: 2.6.1
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - ejs-2.6.2.tgzEmbedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.6.2.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.
Publish Date: 2023-05-04
URL: CVE-2023-29827
CVSS 3 Score Details (5.5)
Base Score Metrics:
Vulnerable Library - ejs-2.6.2.tgzEmbedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.6.2.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
Publish Date: 2024-04-28
URL: CVE-2024-33883
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-33883
Release Date: 2024-04-28
Fix Resolution: ejs - 3.1.10
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - path-parse-1.0.6.tgzNode.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/path-parse/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2021-05-04
Fix Resolution (path-parse): 1.0.7
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - commonmarker-0.17.13.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Commonmarker vulnerable to to several quadratic complexity bugs that may lead to denial of service
Publish Date: 2023-04-12
URL: WS-2023-0095
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-04-12
Fix Resolution: commonmarker - 0.23.9
Vulnerable Library - nokogiri-1.10.10.gemNokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.10.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser, Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not affected.
Publish Date: 2021-09-27
URL: CVE-2021-41098
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41098
Release Date: 2021-09-27
Fix Resolution: nokogiri - 1.12.5
Vulnerable Library - nokogiri-1.10.10.gemNokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.10.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.
Publish Date: 2020-12-30
URL: CVE-2020-26247
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-12-30
Fix Resolution: 1.11.0.rc4
Vulnerable Library - nokogiri-1.10.10.gemNokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.10.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a String by calling #to_s or equivalent.
Publish Date: 2022-05-20
URL: CVE-2022-29181
CVSS 3 Score Details (8.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
Release Date: 2022-05-20
Fix Resolution: nokogiri - 1.13.6
Vulnerable Library - ejs-2.6.2.tgzEmbedded JavaScript templates
Library home page: https://registry.npmjs.org/ejs/-/ejs-2.6.2.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/ejs/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Arbitrary Code Injection vulnerability was found in ejs before 3.1.6. Caused by filename which isn't sanitized for display.
Publish Date: 2021-01-22
URL: WS-2021-0153
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2021-01-22
Fix Resolution: 3.1.6
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - node-fetch-2.6.0.tgzA light-weight module that brings window.fetch to node.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/node-fetch/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/node-fetch/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Publish Date: 2022-01-16
URL: CVE-2022-0235
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-r683-j2x4-v87g
Release Date: 2022-01-16
Fix Resolution: 2.6.7
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - commonmarker-0.17.13.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Publish Date: 2022-09-21
URL: WS-2022-0320
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-4qw4-jpp4-8gvp
Release Date: 2022-09-21
Fix Resolution: commonmarker - 0.23.6
Vulnerable Library - rexml-3.2.4.gemAn XML toolkit for Ruby
Library home page: https://rubygems.org/gems/rexml-3.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many <s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
Publish Date: 2024-05-16
URL: CVE-2024-35176
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-vg3r-rm7w-2xgh
Release Date: 2024-05-16
Fix Resolution: rexml - 3.2.7
Vulnerable Library - nokogiri-1.10.10.gemNokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.10.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri < v1.13.4 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known workarounds for this issue.
Publish Date: 2022-04-11
URL: CVE-2022-24836
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-crjr-9rc5-ghw8
Release Date: 2022-04-11
Fix Resolution: nokogiri - 1.13.4
Vulnerable Library - json5-2.1.0.tgzJSON for humans.
Library home page: https://registry.npmjs.org/json5/-/json5-2.1.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/json5/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/json5/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse should restrict parsing of __proto__ keys when parsing JSON strings to objects. As a point of reference, the JSON.parse method included in JavaScript ignores __proto__ keys. Simply changing JSON5.parse to JSON.parse in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.
Publish Date: 2022-12-24
URL: CVE-2022-46175
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175
Release Date: 2022-12-24
Fix Resolution (json5): 2.2.2
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - rexml-3.2.4.gemAn XML toolkit for Ruby
Library home page: https://rubygems.org/gems/rexml-3.2.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.
Publish Date: 2021-04-21
URL: CVE-2021-28965
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8cr8-4vfw-mr7h
Release Date: 2021-04-21
Fix Resolution: rexml - 3.1.9.1, 3.2.5
Vulnerable Library - debug-4.1.1.tgzsmall debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-4.1.1.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/@babel/core/node_modules/debug/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/@babel/core/node_modules/debug/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
Publish Date: 2018-06-07
URL: CVE-2017-16137
CVSS 3 Score Details (3.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gxpj-cx7g-858c
Release Date: 2018-04-26
Fix Resolution (debug): 4.3.1
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - nokogiri-1.10.10.gemNokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.10.gem
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
nokogiri up to and including 1.13.8 is affected by several vulnerabilities (CVE-2022-40303, CVE-2022-40304 and CVE-2022-2309) in the dependency bundled libxml2 library. Version 1.13.9 of nokogiri contains a patch where the dependency is upgraded with the patches as well.
Publish Date: 2022-10-18
URL: WS-2022-0334
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-2qc6-mcvw-92cw
Release Date: 2022-10-18
Fix Resolution: nokogiri - 1.13.9
Vulnerable Library - browserslist-4.6.6.tgzShare target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.6.6.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/browserslist/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution (browserslist): 4.16.5
Direct dependency fix Resolution (@babel/preset-env): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - activesupport-6.0.3.4.gemA toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-6.0.3.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability.
Publish Date: 2023-02-09
URL: CVE-2023-22796
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-j6gc-792m-qgm2
Release Date: 2023-02-09
Fix Resolution: activesupport - 6.1.7.1,7.0.4.1
Vulnerable Library - kramdown-2.3.0.gemkramdown is yet-another-markdown-parser but fast, pure Ruby, using a strict syntax definition and supporting several common extensions.
Library home page: https://rubygems.org/gems/kramdown-2.3.0.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Publish Date: 2021-03-19
URL: CVE-2021-28834
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2021-03-19
Fix Resolution: 2.3.1
Vulnerable Library - lodash-4.17.15.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/lodash/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
CVSS 3 Score Details (7.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - commonmarker-0.17.13.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of _ characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD cmark-gfm is a fork of cmark that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both cmark and cmark-gfm. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in github/cmark-gfm
Publish Date: 2023-03-31
URL: CVE-2023-26485
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-48wp-p9qv-4j64
Release Date: 2023-03-31
Fix Resolution: commonmarker - 0.23.9
Vulnerable Library - activesupport-6.0.3.4.gemA toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-6.0.3.4.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Active Support Possibly Discloses Locally Encrypted Files
Publish Date: 2023-07-12
URL: CVE-2023-38037
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-cr5q-6q9f-rq6q
Release Date: 2023-07-12
Fix Resolution: activesupport - 6.1.7.5,7.0.7.1
Vulnerable Library - traverse-7.5.5.tgzThe Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes
Library home page: https://registry.npmjs.org/@babel/traverse/-/traverse-7.5.5.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/@babel/traverse/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/@babel/traverse/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate()or path.evaluateTruthy() internal Babel methods. Known affected plugins are @babel/plugin-transform-runtime; @babel/preset-env when using its useBuiltIns option; and any "polyfill provider" plugin that depends on @babel/helper-define-polyfill-provider, such as babel-plugin-polyfill-corejs3, babel-plugin-polyfill-corejs2, babel-plugin-polyfill-es-shims, babel-plugin-polyfill-regenerator. No other plugins under the @babel/ namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in @babel/[email protected] and @babel/[email protected]. Those who cannot upgrade @babel/traverse and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected @babel/traverse versions: @babel/plugin-transform-runtime v7.23.2, @babel/preset-env v7.23.2, @babel/helper-define-polyfill-provider v0.4.3, babel-plugin-polyfill-corejs2 v0.4.6, babel-plugin-polyfill-corejs3 v0.8.5, babel-plugin-polyfill-es-shims v0.10.0, babel-plugin-polyfill-regenerator v0.5.3.
Publish Date: 2023-10-12
URL: CVE-2023-45133
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-67hx-6x53-jw92
Release Date: 2023-10-12
Fix Resolution (@babel/traverse): 7.23.2
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - minimist-1.2.0.tgz, minimist-0.0.8.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/minimist/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/mkdirp/node_modules/minimist/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/mkdirp/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: 2022-03-17
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (@babel/core): 7.6.0
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (@babel/register): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - commonmarker-0.17.13.gemA fast, safe, extensible parser for CommonMark. This wraps the official libcmark library.
Library home page: https://rubygems.org/gems/commonmarker-0.17.13.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
commonmarker versions prior to 0.23.4 are vulnerable to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns.
The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution.
Publish Date: 2022-02-03
URL: WS-2022-0093
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-fmx4-26r3-wxpf
Release Date: 2022-02-03
Fix Resolution: commonmarker - 0.23.4
Vulnerable Library - lodash-4.17.15.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/lodash/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
CVSS 3 Score Details (7.4)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-15
Fix Resolution (lodash): 4.17.19
Direct dependency fix Resolution (@babel/core): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - semver-6.3.0.tgzThe semantic version parser used by npm.
Library home page: https://registry.npmjs.org/semver/-/semver-6.3.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/core-js-compat/node_modules/semver/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/core-js-compat/node_modules/semver/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Publish Date: 2023-06-21
URL: CVE-2022-25883
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-c2qf-rxjj-qqgw
Release Date: 2023-06-21
Fix Resolution (semver): 6.3.1
Direct dependency fix Resolution (@babel/preset-env): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - qs-6.7.0.tgzA querystring parser that supports nesting and arrays, with a depth limit
Library home page: https://registry.npmjs.org/qs/-/qs-6.7.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/qs/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[proto]=b&a[proto]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: [email protected]" in its release description, is not vulnerable).
Publish Date: 2022-11-26
URL: CVE-2022-24999
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-24999
Release Date: 2022-11-26
Fix Resolution (qs): 6.7.3
Direct dependency fix Resolution (express): 4.17.2
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - minimist-1.2.0.tgz, minimist-0.0.8.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/minimist/package.json,/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/package.json
Path to vulnerable library: /learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/mkdirp/node_modules/minimist/package.json,/_site/learn/uef/UEFDocs/src/downloads/demo-integration/demo-integration/node_modules/mkdirp/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-03-11
Fix Resolution (minimist): 1.2.3
Direct dependency fix Resolution (@babel/core): 7.6.0
Fix Resolution (minimist): 1.2.3
Direct dependency fix Resolution (@babel/register): 7.6.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - nokogiri-1.10.10.gemNokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.
Library home page: https://rubygems.org/gems/nokogiri-1.10.10.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy:
Found in HEAD commit: 4239d5b343e9c9f84e826c95a4bc828028295101
Found in base branch: master
Vulnerability Details
Nokogiri before version 1.13.2 is vulnerable.
Publish Date: 2022-03-01
URL: WS-2022-0089
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-fq42-c5rg-92c2
Release Date: 2022-03-01
Fix Resolution: nokogiri - v1.13.2
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
