GithubHelp home page GithubHelp logo

uboss's Issues

WS-2019-0063 (High) detected in js-yaml-3.12.2.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Path to dependency file: /uBoss/package.json

Path to vulnerable library: /tmp/git/uBoss/node_modules/js-yaml/package.json

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • eslint-5.12.0.tgz
      • js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 9ee1f675cb5c94aa16c0ac1dccdca0afdef27d40

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

WS-2019-0019 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

path: /tmp/git/uBoss/node_modules/braces/package.json

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • jest-23.6.0.tgz
      • jest-cli-23.6.0.tgz
        • micromatch-2.3.11.tgz
          • braces-1.8.5.tgz (Vulnerable Library)

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

WS-2019-0032 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.2.tgz

YAML 1.2 parser and serializer

path: /tmp/git/uBoss/node_modules/js-yaml/package.json

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.2.tgz

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • eslint-5.12.0.tgz
      • js-yaml-3.12.2.tgz (Vulnerable Library)

Found in HEAD commit: 7e570c8c7d27e2e1f27e9eb4f3cde336881a3acb

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

user profile menu stacked

after closing the interface of profile management the menu still up and cant click outside. the problem is related to anchorEL and it needs to be set it back to null

Dashboards Management

Implement the dashboards management in the application, and it has the following requirements

  • create a dashboard
  • edit dashboards
  • show dashboards
  • connect trello account
  • select the transform method (source list -> target list)
  • select dashboards from trello to load
  • Backend API

Edit dashboard note
for now, the dashboards edit can have an impact on the name and the description, lists name cannot be changed right now

WS-2019-0047 Medium Severity Vulnerability detected by WhiteSource

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-4.4.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-4.4.1.tgz

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • fsevents-1.2.4.tgz
      • node-pre-gyp-0.10.0.tgz
        • tar-4.4.1.tgz (Vulnerable Library)

Found in HEAD commit: 8b5d7641af924a5670dfc24f163d7d19ea3126d3

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2

Step up your Open Source Security Game with WhiteSource here

WS-2019-0064 (High) detected in handlebars-4.1.1.tgz

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-4.1.1.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.1.tgz

Path to dependency file: /uBoss/package.json

Path to vulnerable library: /tmp/git/uBoss/node_modules/handlebars/package.json

Dependency Hierarchy:

  • react-scripts-2.1.8.tgz (Root Library)
    • jest-23.6.0.tgz
      • jest-cli-23.6.0.tgz
        • istanbul-api-1.3.7.tgz
          • istanbul-reports-1.5.1.tgz
            • handlebars-4.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 9ee1f675cb5c94aa16c0ac1dccdca0afdef27d40

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-04-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Step up your Open Source Security Game with WhiteSource here

security work

  • getting APP_KEY from the backend
  • hash the local storage

Release 2

The following issue represents the second release in our app
image

Main axes to work on :

  • Showing card
  • Card data are shown in a popup
  • Card DND
  • Card API for all supported Platform (only trello)
  • Styling card depend on user view mode

User management

Full sprint run on the user management

  • Logout
  • Edit profile {data - password}
  • Signup
  • Login

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.