Construct for setting up billing alarms in AWS.
License: Apache License 2.0
TypeScript 94.35%
JavaScript 5.65%
cdktf-budget-notifier's Introduction
I'm living in Dortmund, North Rhine-Westphalia
I'm currently learning a lot of things about ☁️ computing, e.g. infrastructure automation with
Cloud Development Kit
Terraform
I'm passionate about automation and experimenting with new technologies
How to reach me:
cdktf-budget-notifier's Issues
CVE-2020-7789 - Medium Severity Vulnerability
Vulnerable Library - node-notifier-8.0.0.tgz
A Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback)
Library home page: https://registry.npmjs.org/node-notifier/-/node-notifier-8.0.0.tgz
Path to dependency file: cdktf-budget-notifier/package.json
Path to vulnerable library: cdktf-budget-notifier/node_modules/node-notifier/package.json
Dependency Hierarchy:
jest-26.6.3.tgz (Root Library)
core-26.6.3.tgz
reporters-26.6.2.tgz
node-notifier-8.0.0.tgz (Vulnerable Library)
Found in HEAD commit: 9e415e4fb519fabbdc1d7975fa41f9619b130d99
Found in base branch: master
Vulnerability Details
This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
Publish Date: 2020-12-11
URL: CVE-2020-7789
CVSS 3 Score Details (5.6)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7789
Release Date: 2020-12-11
Fix Resolution: 9.0.0
Step up your Open Source Security Game with WhiteSource here
CVE-2020-26137 - Medium Severity Vulnerability
Vulnerable Library - pip20.1.1
The Python package installer
Library home page: https://github.com/pypa/pip.git
Found in HEAD commit: 1f3e471a9114fefc537152f958857756d194b7a1
Found in base branch: master
Vulnerable Source Files (0)
Vulnerability Details
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Publish Date: 2020-09-30
URL: CVE-2020-26137
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26137
Release Date: 2020-09-30
Fix Resolution: 1.25.9
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.
CVE-2020-7608 - Medium Severity Vulnerability
Vulnerable Library - yargs-parser-9.0.2.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-9.0.2.tgz
Path to dependency file: cdktf-budget-notifier/package.json
Path to vulnerable library: cdktf-budget-notifier/node_modules/jsii-srcmak/node_modules/yargs-parser/package.json
Dependency Hierarchy:
cdktf-cli-0.0.17.tgz (Root Library)
jsii-srcmak-0.1.26.tgz
yargs-11.1.1.tgz
yargs-parser-9.0.2.tgz (Vulnerable Library)
Found in HEAD commit: b700962114b4aabf5e6eeedd183b6ab43b82b75b
Found in base branch: master
Vulnerability Details
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
CVSS 3 Score Details (5.3)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
CVE-2020-7774 - High Severity Vulnerability
Vulnerable Library - y18n-4.0.0.tgz
the bare-bones internationalization library used by yargs
Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz
Path to dependency file: cdktf-budget-notifier/package.json
Path to vulnerable library: cdktf-budget-notifier/node_modules/y18n/package.json
Dependency Hierarchy:
cdktf-cli-0.1.0.tgz (Root Library)
yargs-15.4.1.tgz
y18n-4.0.0.tgz (Vulnerable Library)
Found in HEAD commit: a0579a2dcde439b999ab7e45651afc94bb08cd5e
Found in base branch: master
Vulnerability Details
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
Publish Date: 2020-11-17
URL: CVE-2020-7774
CVSS 3 Score Details (7.3)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774
Release Date: 2020-11-17
Fix Resolution: 5.0.5