vento-nuenenen / qitsune
A game in which you have to find and scan QR codes to collect points.
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/path-parse
Dependency Hierarchy:
Found in HEAD commit: 0861b1875923558270c2dc7820bc904ea44c0b31
Found in base branch: dev_v2
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Base Score Metrics:
Type: Upgrade version
Origin: jbgutierrez/path-parse#8
Release Date: 2021-05-04
Fix Resolution: path-parse - 1.0.7
Step up your Open Source Security Game with WhiteSource here
An abstract-encoding compliant module for encoding / decoding DNS packets
Library home page: https://registry.npmjs.org/dns-packet/-/dns-packet-1.3.1.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/dns-packet
Dependency Hierarchy:
Found in HEAD commit: 111fdc7d92a5487950d2a24755cd0197e1e84616
Found in base branch: dev_v2
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
Publish Date: 2021-05-20
URL: CVE-2021-23386
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23386
Release Date: 2021-05-20
Fix Resolution: dns-packet - 5.2.2
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.21.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/resolve-url-loader/node_modules/postcss/package.json
Dependency Hierarchy:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/postcss-minify-gradients/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-duplicates/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-positions/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-empty/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-comments/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-whitespace/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-string/node_modules/postcss/package.json,Qitsune/node_modules/postcss-colormin/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-display-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-repeat-style/node_modules/postcss/package.json,Qitsune/node_modules/postcss-ordered-values/node_modules/postcss/package.json,Qitsune/node_modules/stylehacks/node_modules/postcss/package.json,Qitsune/node_modules/@vue/component-compiler-utils/node_modules/postcss/package.json,Qitsune/node_modules/postcss-reduce-initial/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-font-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-url/node_modules/postcss/package.json,Qitsune/node_modules/postcss-merge-rules/node_modules/postcss/package.json,Qitsune/node_modules/@types/cssnano/node_modules/postcss/package.json,Qitsune/node_modules/postcss-unique-selectors/node_modules/postcss/package.json,Qitsune/node_modules/postcss-merge-longhand/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-unicode/node_modules/postcss/package.json,Qitsune/node_modules/postcss-convert-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-overridden/node_modules/postcss/package.json,Qitsune/node_modules/cssnano-preset-default/node_modules/postcss/package.json,Qitsune/node_modules/cssnano-util-raw-cache/node_modules/postcss/package
.json,Qitsune/node_modules/css-declaration-sorter/node_modules/postcss/package.json,Qitsune/node_modules/postcss-svgo/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-timing-functions/node_modules/postcss/package.json,Qitsune/node_modules/cssnano/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-params/node_modules/postcss/package.json,Qitsune/node_modules/postcss-calc/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-charset/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-selectors/node_modules/postcss/package.json,Qitsune/node_modules/postcss-reduce-transforms/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 713aeeb4bb3dada13816993d79f89e2557e817f6
Found in base branch: dev_v2
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss - 8.2.10
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/postcss
Dependency Hierarchy:
Found in HEAD commit: dcd1842e1e1d7f4560a72965e5ba0677f38a8485
Found in base branch: dev_v2
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.21.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/resolve-url-loader/node_modules/postcss/package.json
Dependency Hierarchy:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/postcss-minify-gradients/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-duplicates/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-positions/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-empty/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-comments/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-whitespace/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-string/node_modules/postcss/package.json,Qitsune/node_modules/postcss-colormin/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-display-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-repeat-style/node_modules/postcss/package.json,Qitsune/node_modules/postcss-ordered-values/node_modules/postcss/package.json,Qitsune/node_modules/stylehacks/node_modules/postcss/package.json,Qitsune/node_modules/@vue/component-compiler-utils/node_modules/postcss/package.json,Qitsune/node_modules/postcss-reduce-initial/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-font-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-url/node_modules/postcss/package.json,Qitsune/node_modules/postcss-merge-rules/node_modules/postcss/package.json,Qitsune/node_modules/@types/cssnano/node_modules/postcss/package.json,Qitsune/node_modules/postcss-unique-selectors/node_modules/postcss/package.json,Qitsune/node_modules/postcss-merge-longhand/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-unicode/node_modules/postcss/package.json,Qitsune/node_modules/postcss-convert-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-overridden/node_modules/postcss/package.json,Qitsune/node_modules/cssnano-preset-default/node_modules/postcss/package.json,Qitsune/node_modules/cssnano-util-raw-cache/node_modules/postcss/package
.json,Qitsune/node_modules/css-declaration-sorter/node_modules/postcss/package.json,Qitsune/node_modules/postcss-svgo/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-timing-functions/node_modules/postcss/package.json,Qitsune/node_modules/cssnano/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-params/node_modules/postcss/package.json,Qitsune/node_modules/postcss-calc/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-charset/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-selectors/node_modules/postcss/package.json,Qitsune/node_modules/postcss-reduce-transforms/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 49abc19a0b4e9906153dc6dbb86987fb419bfceb
Found in base branch: dev_v2
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss - 8.2.10
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-7.4.5.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/ws
Dependency Hierarchy:
Found in HEAD commit: f5a43d5c31b5483007c7d3483f42cb59d20e9697
Found in base branch: dev_v2
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (websockets/ws@00c425e). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.
Publish Date: 2021-05-25
URL: CVE-2021-32640
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-6fc8-4gx4-v693
Release Date: 2021-05-25
Fix Resolution: ws - 7.4.6
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/glob-parent
Dependency Hierarchy:
Found in HEAD commit: e515787ebe1ca381d9ccc285eded823c079452a3
Found in base branch: dev_v2
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨
To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.
Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.
If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.
Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.
a CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-4.0.0.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/css-what
Dependency Hierarchy:
Found in HEAD commit: c8973d8a74749f1c6772f547f99ec2c4a52e0490
Found in base branch: dev_v2
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Publish Date: 2021-05-28
URL: CVE-2021-33587
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587
Release Date: 2021-05-28
Fix Resolution: css-what - 5.0.1
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/browserslist
Dependency Hierarchy:
Found in base branch: dev_v2
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
a CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/css-what
Dependency Hierarchy:
Found in HEAD commit: 08e7ddbe4cfdbfad3bb650385f03c694b4d82521
Found in base branch: dev_v2
The css-what package before 5.0.1 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Publish Date: 2021-05-28
URL: CVE-2021-33587
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587
Release Date: 2021-05-28
Fix Resolution: css-what - 5.0.1
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/glob-parent
Dependency Hierarchy:
Found in HEAD commit: 4f9b43f31743239c22e2b8ec7b08224544ac295b
Found in base branch: dev_v2
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/normalize-url
Dependency Hierarchy:
Found in HEAD commit: c8973d8a74749f1c6772f547f99ec2c4a52e0490
Found in base branch: dev_v2
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
Check if a string or buffer is SVG
Library home page: https://registry.npmjs.org/is-svg/-/is-svg-3.0.0.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/is-svg/package.json
Dependency Hierarchy:
Found in HEAD commit: e11729b075ef605d8200fc750604e166b48a5067
Found in base branch: dev_v2
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
Publish Date: 2021-03-12
URL: CVE-2021-28092
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28092
Release Date: 2021-03-12
Fix Resolution: v4.2.2
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/postcss
Dependency Hierarchy:
Found in HEAD commit: dcd1842e1e1d7f4560a72965e5ba0677f38a8485
Found in base branch: dev_v2
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss - 8.2.10
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to dependency file: Qitsune/node_modules/password-strength-meter/dist/index.html
Path to vulnerable library: Qitsune/node_modules/password-strength-meter/dist/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: Qitsune/node_modules/hideshowpassword/index.html
Path to vulnerable library: Qitsune/node_modules/hideshowpassword/index.html
Dependency Hierarchy:
Found in HEAD commit: e11729b075ef605d8200fc750604e166b48a5067
Found in base branch: dev_v2
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
4.17.10 to 4.17.11. This version is covered by your current version range and after updating it in your project the build failed.
lodash is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.21.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/resolve-url-loader/node_modules/postcss/package.json
Dependency Hierarchy:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/postcss-minify-gradients/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-duplicates/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-positions/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-empty/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-comments/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-whitespace/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-string/node_modules/postcss/package.json,Qitsune/node_modules/postcss-colormin/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-display-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-repeat-style/node_modules/postcss/package.json,Qitsune/node_modules/postcss-ordered-values/node_modules/postcss/package.json,Qitsune/node_modules/stylehacks/node_modules/postcss/package.json,Qitsune/node_modules/@vue/component-compiler-utils/node_modules/postcss/package.json,Qitsune/node_modules/postcss-reduce-initial/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-font-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-url/node_modules/postcss/package.json,Qitsune/node_modules/postcss-merge-rules/node_modules/postcss/package.json,Qitsune/node_modules/@types/cssnano/node_modules/postcss/package.json,Qitsune/node_modules/postcss-unique-selectors/node_modules/postcss/package.json,Qitsune/node_modules/postcss-merge-longhand/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-unicode/node_modules/postcss/package.json,Qitsune/node_modules/postcss-convert-values/node_modules/postcss/package.json,Qitsune/node_modules/postcss-discard-overridden/node_modules/postcss/package.json,Qitsune/node_modules/cssnano-preset-default/node_modules/postcss/package.json,Qitsune/node_modules/cssnano-util-raw-cache/node_modules/postcss/package
.json,Qitsune/node_modules/css-declaration-sorter/node_modules/postcss/package.json,Qitsune/node_modules/postcss-svgo/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-timing-functions/node_modules/postcss/package.json,Qitsune/node_modules/cssnano/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-params/node_modules/postcss/package.json,Qitsune/node_modules/postcss-calc/node_modules/postcss/package.json,Qitsune/node_modules/postcss-normalize-charset/node_modules/postcss/package.json,Qitsune/node_modules/postcss-minify-selectors/node_modules/postcss/package.json,Qitsune/node_modules/postcss-reduce-transforms/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 713aeeb4bb3dada13816993d79f89e2557e817f6
Found in base branch: dev_v2
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to dependency file: Qitsune/node_modules/password-strength-meter/dist/index.html
Path to vulnerable library: Qitsune/node_modules/password-strength-meter/dist/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: Qitsune/node_modules/hideshowpassword/index.html
Path to vulnerable library: Qitsune/node_modules/hideshowpassword/index.html
Dependency Hierarchy:
Found in HEAD commit: e11729b075ef605d8200fc750604e166b48a5067
Found in base branch: dev_v2
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz
Path to dependency file: Qitsune/package.json
Path to vulnerable library: Qitsune/node_modules/normalize-url
Dependency Hierarchy:
Found in HEAD commit: 08e7ddbe4cfdbfad3bb650385f03c694b4d82521
Found in base branch: dev_v2
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to dependency file: Qitsune/node_modules/password-strength-meter/dist/index.html
Path to vulnerable library: Qitsune/node_modules/password-strength-meter/dist/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: Qitsune/node_modules/hideshowpassword/index.html
Path to vulnerable library: Qitsune/node_modules/hideshowpassword/index.html
Dependency Hierarchy:
Found in HEAD commit: e11729b075ef605d8200fc750604e166b48a5067
Found in base branch: dev_v2
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0