alekeagle / eaglebot-eris
EagleBot in Eris form
Advanced file system stream things
Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz
Path to dependency file: /EagleBot-Eris/package.json
Path to vulnerable library: /tmp/git/EagleBot-Eris/node_modules/npm/node_modules/fstream/package.json
Dependency Hierarchy:
Found in HEAD commit: ce922ebbd3d4363a4bfec25758f14fca5e5c862b
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Publish Date: 2019-07-02
URL: CVE-2019-13173
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13173
Release Date: 2019-07-02
Fix Resolution: 1.0.12
Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input
Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz
Path to dependency file: /tmp/ws-scm/EagleBot-Eris/package.json
Path to vulnerable library: /tmp/ws-scm/EagleBot-Eris/node_modules/npm/node_modules/mem/package.json
Dependency Hierarchy:
Found in HEAD commit: 8e4252df4aac30e6a4c5290e1fd41b5bad1b7399
Denial of Service (DoS) vulnerability found in mem before 4.0.0. There is a failure in removal of old values from the cache. As a result, an attacker may exhaust the system's memory.
Publish Date: 2019-12-01
URL: WS-2019-0307
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1084
Release Date: 2019-12-01
Fix Resolution: mem - 4.0.0
Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.18.0.tgz
Path to dependency file: /EagleBot-Eris/package.json
Path to vulnerable library: /EagleBot-Eris/node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: ce922ebbd3d4363a4bfec25758f14fca5e5c862b
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
Publish Date: 2019-05-07
URL: CVE-2019-10742
Base Score Metrics:
Type: Upgrade version
Origin: axios/axios#1098
Release Date: 2019-05-31
Fix Resolution: 0.19.0
Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input
Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz
Path to dependency file: /EagleBot-Eris/package.json
Path to vulnerable library: /tmp/git/EagleBot-Eris/node_modules/npm/node_modules/mem/package.json
Dependency Hierarchy:
Found in HEAD commit: ce922ebbd3d4363a4bfec25758f14fca5e5c862b
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.
Publish Date: 2019-05-30
URL: WS-2018-0236
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1623744
Release Date: 2019-05-30
Fix Resolution: 4.0.0
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.1.tgz
Path to dependency file: /tmp/ws-scm/EagleBot-Eris/package.json
Path to vulnerable library: /tmp/ws-scm/EagleBot-Eris/node_modules/https-proxy-agent/package.json
Dependency Hierarchy:
Found in HEAD commit: 8e4252df4aac30e6a4c5290e1fd41b5bad1b7399
There is a Machine-In-The-Middle vulnerability found in https-proxy-agent before 2.2.3. There is a failure of TLS enforcement on the socket. An attacker may intercept unencrypted communications.
Publish Date: 2019-12-01
URL: WS-2019-0310
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1184
Release Date: 2019-12-01
Fix Resolution: https-proxy-agent - 2.2.3
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz
Path to dependency file: /EagleBot-Eris/package.json
Path to vulnerable library: /tmp/git/EagleBot-Eris/node_modules/npm/node_modules/node-gyp/node_modules/tar/package.json
Dependency Hierarchy:
Found in HEAD commit: 2468809357b1a8e8da5ad05aacd34803bfc5ca9e
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file.
Publish Date: 2019-04-05
URL: WS-2019-0047
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/803
Release Date: 2019-04-05
Fix Resolution: 4.4.2
Advanced file system stream things
Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz
Path to dependency file: /EagleBot-Eris/package.json
Path to vulnerable library: /tmp/git/EagleBot-Eris/node_modules/npm/node_modules/fstream/package.json
Dependency Hierarchy:
Found in HEAD commit: ce922ebbd3d4363a4bfec25758f14fca5e5c862b
Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.
Publish Date: 2019-05-23
URL: WS-2019-0100
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/886
Release Date: 2019-05-23
Fix Resolution: 1.0.12
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /EagleBot-Eris/package.json
Path to vulnerable library: /tmp/git/EagleBot-Eris/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: ce922ebbd3d4363a4bfec25758f14fca5e5c862b
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12