Giter VIP home page Giter VIP logo

dekp-ui's Introduction

Hi there, I'm Victor Neves ๐Ÿ‘‹

๐Ÿ”ญ Iโ€™m a Frontend developer, currently exploring the JAMSTACK world and working/using Vue.js, Pinia, Vite, Vue Utils, Vitest, Histoire, StyleDictionary, Sentry, Github, NPM, Azure, Netlify, Vercel and Buddy.

I also have experience with Vuex, Vue Router, Jest, Storybook, jQuery, PugJs, Handlebars.js, Twig, Gulp, Webpack, ZenHub, Yarn, Bitbucket, Jira, Photoshop, Illustrator, Zeplin, and CorelDraw

๐ŸŒฑ Iโ€™m currently looking into Nuxt.js, React, Qwik, and Astro

Technology Stack:

HTM HTML5 CSS CSS3 SASS Javascript jQuery Vuejs Netlify Vercel Typescript Nuxtjs Jest Pug Vite SonarQube SonarLint


How to reach me:



Victor Neves github stats Victor Neves github stats

Victor Neves's Dev Card

dekp-ui's People

Contributors

mend-bolt-for-github[bot] avatar victorlmneves avatar

Watchers

avatar

dekp-ui's Issues

vuepress-plugin-vue-example-2.0.1.tgz: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - vuepress-plugin-vue-example-2.0.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/loader-utils/package.json

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (vuepress-plugin-vue-example version) Remediation Available
CVE-2022-37601 High 9.8 loader-utils-2.0.2.tgz Transitive N/A* โŒ
CVE-2022-37603 High 7.5 loader-utils-2.0.2.tgz Transitive N/A* โŒ
CVE-2022-37599 High 7.5 loader-utils-2.0.2.tgz Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-37601

Vulnerable Library - loader-utils-2.0.2.tgz

utils for webpack loaders

Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/loader-utils/package.json

Dependency Hierarchy:

  • vuepress-plugin-vue-example-2.0.1.tgz (Root Library)
    • raw-loader-4.0.2.tgz
      • โŒ loader-utils-2.0.2.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.

Publish Date: 2022-10-12

URL: CVE-2022-37601

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-76p3-8jx3-jpfq

Release Date: 2022-10-12

Fix Resolution: loader-utils - 1.4.1,2.0.3

Step up your Open Source Security Game with Mend here

CVE-2022-37603

Vulnerable Library - loader-utils-2.0.2.tgz

utils for webpack loaders

Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/loader-utils/package.json

Dependency Hierarchy:

  • vuepress-plugin-vue-example-2.0.1.tgz (Root Library)
    • raw-loader-4.0.2.tgz
      • โŒ loader-utils-2.0.2.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

Publish Date: 2022-10-14

URL: CVE-2022-37603

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3rfm-jhwj-7488

Release Date: 2022-10-14

Fix Resolution: loader-utils - 1.4.2,2.0.4,3.2.1

Step up your Open Source Security Game with Mend here

CVE-2022-37599

Vulnerable Library - loader-utils-2.0.2.tgz

utils for webpack loaders

Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/loader-utils/package.json

Dependency Hierarchy:

  • vuepress-plugin-vue-example-2.0.1.tgz (Root Library)
    • raw-loader-4.0.2.tgz
      • โŒ loader-utils-2.0.2.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

Publish Date: 2022-10-11

URL: CVE-2022-37599

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-hhq3-ff78-jv3g

Release Date: 2022-10-11

Fix Resolution: loader-utils - 1.4.2,2.0.4,3.2.1

Step up your Open Source Security Game with Mend here

plugin-search-2.0.0-beta.37.tgz: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - plugin-search-2.0.0-beta.37.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (plugin-search version) Remediation Available
CVE-2021-35065 High 7.5 glob-parent-5.1.2.tgz Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2021-35065

Vulnerable Library - glob-parent-5.1.2.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • plugin-search-2.0.0-beta.37.tgz (Root Library)
    • chokidar-3.5.3.tgz
      • โŒ glob-parent-5.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

The package glob-parent from 6.0.0 and before 6.0.1 are vulnerable to Regular Expression Denial of Service (ReDoS)

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cj88-88mr-972w

Release Date: 2021-06-22

Fix Resolution: glob-parent - 6.0.1

Step up your Open Source Security Game with Mend here

postcss-inline-svg-5.0.0.tgz: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - postcss-inline-svg-5.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/css-what/package.json

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (postcss-inline-svg version) Remediation Available
CVE-2021-33587 High 7.5 css-what-4.0.0.tgz Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2021-33587

Vulnerable Library - css-what-4.0.0.tgz

a CSS selector parser

Library home page: https://registry.npmjs.org/css-what/-/css-what-4.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/css-what/package.json

Dependency Hierarchy:

  • postcss-inline-svg-5.0.0.tgz (Root Library)
    • css-select-3.1.2.tgz
      • โŒ css-what-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

Publish Date: 2021-05-28

URL: CVE-2021-33587

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587

Release Date: 2021-05-28

Fix Resolution: css-what - 5.0.1

Step up your Open Source Security Game with Mend here

bundler-vite-2.0.0-beta.37.tgz: 1 vulnerabilities (highest severity is: 4.3)

Vulnerable Library - bundler-vite-2.0.0-beta.37.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@vuepress/bundler-vite/node_modules/vite/package.json

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (bundler-vite version) Remediation Available
CVE-2022-35204 Medium 4.3 vite-2.8.6.tgz Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-35204

Vulnerable Library - vite-2.8.6.tgz

Native-ESM powered web dev build tool

Library home page: https://registry.npmjs.org/vite/-/vite-2.8.6.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@vuepress/bundler-vite/node_modules/vite/package.json

Dependency Hierarchy:

  • bundler-vite-2.0.0-beta.37.tgz (Root Library)
    • โŒ vite-2.8.6.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

Publish Date: 2022-08-18

URL: CVE-2022-35204

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35204

Release Date: 2022-08-18

Fix Resolution: vite - 2.9.13

Step up your Open Source Security Game with Mend here

style-dictionary-3.7.0.tgz: 1 vulnerabilities (highest severity is: 8.8)

Vulnerable Library - style-dictionary-3.7.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json5/package.json

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (style-dictionary version) Remediation Available
CVE-2022-46175 High 8.8 json5-2.2.1.tgz Transitive 3.7.1 โŒ

Details

CVE-2022-46175

Vulnerable Library - json5-2.2.1.tgz

JSON for humans.

Library home page: https://registry.npmjs.org/json5/-/json5-2.2.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json5/package.json

Dependency Hierarchy:

  • style-dictionary-3.7.0.tgz (Root Library)
    • โŒ json5-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse should restrict parsing of __proto__ keys when parsing JSON strings to objects. As a point of reference, the JSON.parse method included in JavaScript ignores __proto__ keys. Simply changing JSON5.parse to JSON.parse in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.

Publish Date: 2022-12-24

URL: CVE-2022-46175

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175

Release Date: 2022-12-24

Fix Resolution (json5): 2.2.2

Direct dependency fix Resolution (style-dictionary): 3.7.1

Step up your Open Source Security Game with Mend here

vite-2.9.1.tgz: 1 vulnerabilities (highest severity is: 4.3)

Vulnerable Library - vite-2.9.1.tgz

Native-ESM powered web dev build tool

Library home page: https://registry.npmjs.org/vite/-/vite-2.9.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/vite/package.json

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (vite version) Remediation Available
CVE-2022-35204 Medium 4.3 vite-2.9.1.tgz Direct 2.9.14 โŒ

Details

CVE-2022-35204

Vulnerable Library - vite-2.9.1.tgz

Native-ESM powered web dev build tool

Library home page: https://registry.npmjs.org/vite/-/vite-2.9.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/vite/package.json

Dependency Hierarchy:

  • โŒ vite-2.9.1.tgz (Vulnerable Library)

Found in HEAD commit: 384938a994a16dccd27675fdd242594327b2d423

Found in base branch: main

Vulnerability Details

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

Publish Date: 2022-08-18

URL: CVE-2022-35204

CVSS 3 Score Details (4.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35204

Release Date: 2022-08-18

Fix Resolution: 2.9.14

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.