
77's Introduction

Node.js Sails.js web application

Sample Node.js Sails.js web application built with Visual Studio Code.

Language | Framework | Runtime | Platform | Author
javascript | Sailjs | node | Azure Web App |

Installation

For development, you will need Node.js and a global Node package.

Node

If the installation was successful, you should be able to run the following command.

$ node --version
v8.11.3

$ npm --version
6.1.0

If you need to update npm, you can do it using npm itself. After running the following command, reopen the command line.

$ npm install npm -g

Running

    $ git clone https://github.com/YOUR_USERNAME/REPOSITORY_NAME.git
    $ cd Application
    $ npm install -g
    $ cd Application
    $ npm start
    $ cd Tests
    $ npm install -g
    $ npm test

Deploying on Azure

Any change to this repository triggers a workflow that builds and deploys this app on Azure as an App Service. Learn more about Azure App Service and GitHub Actions.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

License:

See LICENSE.

77's People

Contributors

classicvalues, deepsource-autofix[bot], deepsourcebot, dependabot[bot], depfu[bot], mend-bolt-for-github[bot], renovate[bot], snyk-bot


77's Issues

CVE-2020-11023 (Medium) detected in jquery-1.11.1.min.js - autoclosed

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /Application/node_modules/@sailshq/nedb/browser-version/test/index.html

Path to vulnerable library: /Application/node_modules/@sailshq/nedb/browser-version/test/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0



CVE-2022-1537 (High) detected in grunt-1.4.1.tgz - autoclosed

CVE-2022-1537 - High Severity Vulnerability

Vulnerable Library - grunt-1.4.1.tgz

The JavaScript Task Runner

Library home page: https://registry.npmjs.org/grunt/-/grunt-1.4.1.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/grunt/package.json

Dependency Hierarchy:

  • grunt-1.4.1.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

Publish Date: 2022-05-10

URL: CVE-2022-1537

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/

Release Date: 2022-05-10

Fix Resolution: 1.5.3



CVE-2021-29469 (High) detected in redis-2.8.0.tgz - autoclosed

CVE-2021-29469 - High Severity Vulnerability

Vulnerable Library - redis-2.8.0.tgz

Redis client library

Library home page: https://registry.npmjs.org/redis/-/redis-2.8.0.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/redis/package.json

Dependency Hierarchy:

  • sails-1.5.2.tgz (Root Library)
    • machinepack-redis-2.0.6.tgz
      • redis-2.8.0.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.

Publish Date: 2021-04-23

URL: CVE-2021-29469

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-35q2-47q7-3pc3

Release Date: 2021-04-23

Fix Resolution: redis - 3.1.1



CVE-2022-25883 (High) detected in multiple libraries

CVE-2022-25883 - High Severity Vulnerability

Vulnerable Libraries - semver-7.5.1.tgz, semver-4.3.6.tgz, semver-5.4.1.tgz, semver-5.7.1.tgz

semver-7.5.1.tgz

Library home page: https://registry.npmjs.org/semver/-/semver-7.5.1.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/@opentelemetry/instrumentation/node_modules/semver/package.json

Dependency Hierarchy:

  • applicationinsights-2.7.0.tgz (Root Library)
    • opentelemetry-instrumentation-azure-sdk-1.0.0-beta.3.tgz
      • instrumentation-0.35.1.tgz
        • semver-7.5.1.tgz (Vulnerable Library)

semver-4.3.6.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-4.3.6.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/sails/node_modules/semver/package.json,/Application/node_modules/skipper/node_modules/semver/package.json

Dependency Hierarchy:

  • sails-1.5.4.tgz (Root Library)
    • semver-4.3.6.tgz (Vulnerable Library)

semver-5.4.1.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-5.4.1.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/semver/package.json

Dependency Hierarchy:

  • sails-1.5.6.tgz (Root Library)
    • captains-log-2.0.3.tgz
      • semver-5.4.1.tgz (Vulnerable Library)

semver-5.7.1.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-5.7.1.tgz

Dependency Hierarchy:

  • applicationinsights-2.7.0.tgz (Root Library)
    • diagnostic-channel-1.1.0.tgz
      • semver-5.7.1.tgz (Vulnerable Library)

Found in HEAD commit: ac37c17ffd352a8f2f390c54b6556c77a49c7631

Found in base branch: master

Vulnerability Details

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Publish Date: 2023-06-21

URL: CVE-2022-25883

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-c2qf-rxjj-qqgw

Release Date: 2023-06-21

Fix Resolution: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2



WS-2021-0153 (High) detected in ejs-2.5.7.tgz - autoclosed

WS-2021-0153 - High Severity Vulnerability

Vulnerable Library - ejs-2.5.7.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-2.5.7.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/sails/node_modules/ejs/package.json

Dependency Hierarchy:

  • sails-1.5.2.tgz (Root Library)
    • ejs-2.5.7.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

Arbitrary Code Injection vulnerability was found in ejs before 3.1.6. Caused by filename which isn't sanitized for display.

Publish Date: 2021-01-22

URL: WS-2021-0153

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2021-01-22

Fix Resolution: ejs - 3.1.6



WS-2018-0148 (High) detected in utile-0.3.0.tgz - autoclosed

WS-2018-0148 - High Severity Vulnerability

Vulnerable Library - utile-0.3.0.tgz

A drop-in replacement for `util` with some additional advantageous functions

Library home page: https://registry.npmjs.org/utile/-/utile-0.3.0.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/utile/package.json

Dependency Hierarchy:

  • sails-1.5.0.tgz (Root Library)
    • prompt-1.1.0.tgz
      • utile-0.3.0.tgz (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

The utile npm module, version 0.3.0, allows an attacker to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON).

Publish Date: 2018-07-16

URL: WS-2018-0148

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2018-0148

Release Date: 2018-01-16

Fix Resolution: JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03



CVE-2015-9251 (Medium) detected in jquery-1.11.1.min.js - autoclosed

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /Application/node_modules/@sailshq/nedb/browser-version/test/index.html

Path to vulnerable library: /Application/node_modules/@sailshq/nedb/browser-version/test/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0



CVE-2021-3820 (Medium) detected in i-0.3.6.tgz - autoclosed

CVE-2021-3820 - Medium Severity Vulnerability

Vulnerable Library - i-0.3.6.tgz

custom inflections for nodejs

Library home page: https://registry.npmjs.org/i/-/i-0.3.6.tgz

Path to dependency file: 77/Application/package.json

Path to vulnerable library: 77/Application/node_modules/i/package.json

Dependency Hierarchy:

  • sails-1.4.4.tgz (Root Library)
    • prompt-1.1.0.tgz
      • utile-0.3.0.tgz
        • i-0.3.6.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

inflect is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-27

URL: CVE-2021-3820

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3820

Release Date: 2021-09-27

Fix Resolution: i - 0.3.7



CVE-2021-3765 (High) detected in validator-5.7.0.tgz - autoclosed

CVE-2021-3765 - High Severity Vulnerability

Vulnerable Library - validator-5.7.0.tgz

String validation and sanitization

Library home page: https://registry.npmjs.org/validator/-/validator-5.7.0.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/validator/package.json

Dependency Hierarchy:

  • sails-1.5.2.tgz (Root Library)
    • machine-15.2.2.tgz
      • anchor-1.4.0.tgz
        • validator-5.7.0.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

validator.js is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-11-02

URL: CVE-2021-3765

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-qgmg-gppg-76g5

Release Date: 2021-11-02

Fix Resolution: validator - 13.7.0



CVE-2022-24999 (High) detected in qs-6.7.0.tgz, qs-6.5.1.tgz - autoclosed

CVE-2022-24999 - High Severity Vulnerability

Vulnerable Libraries - qs-6.7.0.tgz, qs-6.5.1.tgz

qs-6.7.0.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.7.0.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/express/node_modules/qs/package.json,/Application/node_modules/body-parser/node_modules/qs/package.json

Dependency Hierarchy:

  • sails-1.5.3.tgz (Root Library)
    • express-4.17.1.tgz
      • qs-6.7.0.tgz (Vulnerable Library)

qs-6.5.1.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.5.1.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/qs/package.json

Dependency Hierarchy:

  • grunt-contrib-watch-1.1.0.tgz (Root Library)
    • tiny-lr-1.1.1.tgz
      • qs-6.5.1.tgz (Vulnerable Library)

Found in HEAD commit: 557ce3a63b9689f3222aed75bacf3887fc7e8e3f

Found in base branch: master

Vulnerability Details

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[proto]=b&a[proto]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).

Publish Date: 2022-11-26

URL: CVE-2022-24999

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-24999

Release Date: 2022-11-26

Fix Resolution (qs): 6.7.3

Direct dependency fix Resolution (sails): 1.5.4



Depfu Error: Depfu is stuck and needs your help

Hello,

⚠️ We're getting errors with this repo and have given up after trying several times.

In most cases that means something is wrong with your current Npm setup and we can't fix it automatically:

• Error details: Invalid JSON
• Error details: Invalid JSON
• Error details: Invalid JSON

After you've fixed the problem, please activate this project again in the Depfu Dashboard.

👉 We will not send you further PRs until this is fixed and the repo is activated again.

If you need help or this looks like an error on our side, please send us an email.

CVE-2020-11022 (Medium) detected in jquery-1.11.1.min.js - autoclosed

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /Application/node_modules/@sailshq/nedb/browser-version/test/index.html

Path to vulnerable library: /Application/node_modules/@sailshq/nedb/browser-version/test/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



CVE-2021-23395 (Medium) detected in nedb-1.8.0.tgz - autoclosed

CVE-2021-23395 - Medium Severity Vulnerability

Vulnerable Library - nedb-1.8.0.tgz

File-based embedded data store for node.js

Library home page: https://registry.npmjs.org/nedb/-/nedb-1.8.0.tgz

Path to dependency file: 77/Application/package.json

Path to vulnerable library: 77/Application/node_modules/nedb/package.json

Dependency Hierarchy:

  • sails-disk-2.1.0.tgz (Root Library)
    • nedb-1.8.0.tgz (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload.

Publish Date: 2021-06-15

URL: CVE-2021-23395

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None




CVE-2022-3517 (High) detected in minimatch-3.0.4.tgz - autoclosed

CVE-2022-3517 - High Severity Vulnerability

Vulnerable Library - minimatch-3.0.4.tgz

a glob matcher in javascript

Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/minimatch/package.json

Dependency Hierarchy:

  • grunt-1.5.3.tgz (Root Library)
    • minimatch-3.0.4.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Publish Date: 2022-10-17

URL: CVE-2022-3517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-10-17

Fix Resolution: minimatch - 3.0.5



CVE-2022-0436 (Medium) detected in grunt-1.4.1.tgz - autoclosed

CVE-2022-0436 - Medium Severity Vulnerability

Vulnerable Library - grunt-1.4.1.tgz

The JavaScript Task Runner

Library home page: https://registry.npmjs.org/grunt/-/grunt-1.4.1.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/grunt/package.json

Dependency Hierarchy:

  • grunt-1.4.1.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

Publish Date: 2022-04-12

URL: CVE-2022-0436

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436

Release Date: 2022-04-12

Fix Resolution: 1.5.1



CVE-2021-44906 (High) detected in multiple libraries - autoclosed

CVE-2021-44906 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.2.0.tgz, minimist-1.2.5.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/mkdirp/node_modules/minimist/package.json

Dependency Hierarchy:

  • sails-disk-2.1.1.tgz (Root Library)
    • nedb-1.8.1.tgz
      • mkdirp-0.5.1.tgz
        • minimist-0.0.8.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/minimist/package.json

Dependency Hierarchy:

  • rc-1.2.8.tgz (Root Library)
    • minimist-1.2.0.tgz (Vulnerable Library)

minimist-1.2.5.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/sails/node_modules/minimist/package.json

Dependency Hierarchy:

  • sails-1.5.2.tgz (Root Library)
    • minimist-1.2.5.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-03-17

Fix Resolution: minimist - 1.2.6



CVE-2020-7788 (Critical) detected in ini-1.3.4.tgz - autoclosed

CVE-2020-7788 - Critical Severity Vulnerability

Vulnerable Library - ini-1.3.4.tgz

An ini encoder/decoder for node

Library home page: https://registry.npmjs.org/ini/-/ini-1.3.4.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/ini/package.json

Dependency Hierarchy:

  • rc-1.2.8.tgz (Root Library)
    • ini-1.3.4.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

Publish Date: 2020-12-11

URL: CVE-2020-7788

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788

Release Date: 2020-12-11

Fix Resolution: v1.3.6



CVE-2020-7598 (Medium) detected in minimist-1.2.0.tgz, minimist-0.0.8.tgz - autoclosed

CVE-2020-7598 - Medium Severity Vulnerability

Vulnerable Libraries - minimist-1.2.0.tgz, minimist-0.0.8.tgz

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/minimist/package.json

Dependency Hierarchy:

  • rc-1.2.8.tgz (Root Library)
    • minimist-1.2.0.tgz (Vulnerable Library)

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/mkdirp/node_modules/minimist/package.json

Dependency Hierarchy:

  • sails-disk-2.1.1.tgz (Root Library)
    • nedb-1.8.1.tgz
      • mkdirp-0.5.1.tgz
        • minimist-0.0.8.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.3



CVE-2021-3807 (Medium) detected in ansi-regex-2.1.1.tgz - autoclosed

CVE-2021-3807 - Medium Severity Vulnerability

Vulnerable Library - ansi-regex-2.1.1.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz

Path to dependency file: 77/Application/package.json

Path to vulnerable library: 77/Application/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • grunt-contrib-concat-1.0.1.tgz (Root Library)
    • chalk-1.1.3.tgz
      • has-ansi-2.0.0.tgz
        • ansi-regex-2.1.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution: ansi-regex - 5.0.1,6.0.1



CVE-2021-23358 (High) detected in underscore-min-1.8.3.js - autoclosed

CVE-2021-23358 - High Severity Vulnerability

Vulnerable Library - underscore-min-1.8.3.js

JavaScript's functional programming helper library.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js

Path to dependency file: /Application/node_modules/@sailshq/nedb/browser-version/test/index.html

Path to vulnerable library: /Application/node_modules/@sailshq/nedb/browser-version/test/underscore.min.js

Dependency Hierarchy:

  • underscore-min-1.8.3.js (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Publish Date: 2021-03-29

URL: CVE-2021-23358

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358

Release Date: 2021-03-29

Fix Resolution: underscore - 1.12.1,1.13.0-2


CVE-2022-29078 (High) detected in ejs-2.5.7.tgz - autoclosed

CVE-2022-29078 - High Severity Vulnerability

Vulnerable Library - ejs-2.5.7.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-2.5.7.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/sails/node_modules/ejs/package.json

Dependency Hierarchy:

  • sails-1.5.2.tgz (Root Library)
    • ejs-2.5.7.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

Publish Date: 2022-04-25

URL: CVE-2022-29078

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29078~

Release Date: 2022-04-25

Fix Resolution: ejs - v3.1.7


WS-2017-3772 (High) detected in underscore.string-3.3.5.tgz - autoclosed

WS-2017-3772 - High Severity Vulnerability

Vulnerable Library - underscore.string-3.3.5.tgz

String manipulation extensions for Underscore.js javascript library.

Library home page: https://registry.npmjs.org/underscore.string/-/underscore.string-3.3.5.tgz

Path to dependency file: 77/Application/package.json

Path to vulnerable library: 77/Application/node_modules/underscore.string/package.json

Dependency Hierarchy:

  • grunt-1.4.1.tgz (Root Library)
    • grunt-legacy-util-2.0.1.tgz
      • underscore.string-3.3.5.tgz (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

Regular Expression Denial of Service (ReDoS) vulnerability was found in underscore.string 2.4.0 through 3.3.5.

Publish Date: 2017-09-08

URL: WS-2017-3772

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

CVE-2021-44908 (High) detected in sails-1.5.2.tgz - autoclosed

CVE-2021-44908 - High Severity Vulnerability

Vulnerable Library - sails-1.5.2.tgz

API-driven framework for building realtime apps, using MVC conventions (based on Express and Socket.io)

Library home page: https://registry.npmjs.org/sails/-/sails-1.5.2.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/sails/package.json

Dependency Hierarchy:

  • sails-1.5.2.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().

Publish Date: 2022-03-17

URL: CVE-2021-44908

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-44908

Release Date: 2022-03-17

Fix Resolution: sails - 1.0.0,0.12.10,0.12.2-0,0.12.11


CVE-2021-23343 (High) detected in path-parse-1.0.6.tgz - autoclosed

CVE-2021-23343 - High Severity Vulnerability

Vulnerable Library - path-parse-1.0.6.tgz

Node.js path.parse() ponyfill

Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz

Path to dependency file: 77/Application/package.json

Path to vulnerable library: 77/Application/node_modules/path-parse/package.json

Dependency Hierarchy:

  • grunt-1.4.0.tgz (Root Library)
    • grunt-cli-1.4.2.tgz
      • liftup-3.0.1.tgz
        • resolve-1.20.0.tgz
          • path-parse-1.0.6.tgz (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Publish Date: 2021-05-04

URL: CVE-2021-23343

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: jbgutierrez/path-parse#8

Release Date: 2021-05-04

Fix Resolution: path-parse - 1.0.7


CVE-2023-29827 (Critical) detected in ejs-3.1.9.tgz, ejs-3.1.7.tgz - autoclosed

CVE-2023-29827 - Critical Severity Vulnerability

Vulnerable Libraries - ejs-3.1.9.tgz, ejs-3.1.7.tgz

ejs-3.1.9.tgz

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.9.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/ejs/package.json

Dependency Hierarchy:

  • ejs-3.1.9.tgz (Vulnerable Library)

ejs-3.1.7.tgz

Embedded JavaScript templates

Library home page: https://registry.npmjs.org/ejs/-/ejs-3.1.7.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/sails/node_modules/ejs/package.json

Dependency Hierarchy:

  • sails-1.5.4.tgz (Root Library)
    • ejs-3.1.7.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

** DISPUTED ** ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.

Publish Date: 2023-05-04

URL: CVE-2023-29827

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2021-43138 (High) detected in async-0.2.10.tgz, async-0.9.2.tgz - autoclosed

CVE-2021-43138 - High Severity Vulnerability

Vulnerable Libraries - async-0.2.10.tgz, async-0.9.2.tgz

async-0.2.10.tgz

Higher-order functions and common patterns for asynchronous code

Library home page: https://registry.npmjs.org/async/-/async-0.2.10.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/@sailshq/nedb/node_modules/async/package.json

Dependency Hierarchy:

  • sails-disk-2.1.2.tgz (Root Library)
    • nedb-1.8.2.tgz
      • async-0.2.10.tgz (Vulnerable Library)

async-0.9.2.tgz

Higher-order functions and common patterns for asynchronous code

Library home page: https://registry.npmjs.org/async/-/async-0.9.2.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/prompt/node_modules/async/package.json

Dependency Hierarchy:

  • sails-1.5.3.tgz (Root Library)
    • prompt-1.2.1.tgz
      • async-0.9.2.tgz (Vulnerable Library)

Found in HEAD commit: ad3bc61f12418516c390ff622f39243a04a0650e

Found in base branch: master

Vulnerability Details

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

Publish Date: 2022-04-06

URL: CVE-2021-43138

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43138

Release Date: 2022-04-06

Fix Resolution: async - 2.6.4,3.2.2


CVE-2023-38504 (High) detected in sails-1.5.6.tgz, sails-1.5.4.tgz

CVE-2023-38504 - High Severity Vulnerability

Vulnerable Libraries - sails-1.5.6.tgz, sails-1.5.4.tgz

sails-1.5.6.tgz

Library home page: https://registry.npmjs.org/sails/-/sails-1.5.6.tgz

Dependency Hierarchy:

  • sails-1.5.6.tgz (Vulnerable Library)

sails-1.5.4.tgz

Library home page: https://registry.npmjs.org/sails/-/sails-1.5.4.tgz

Dependency Hierarchy:

  • sails-1.5.4.tgz (Vulnerable Library)

Found in HEAD commit: ac37c17ffd352a8f2f390c54b6556c77a49c7631

Found in base branch: master

Vulnerability Details

Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client.

Publish Date: 2023-07-27

URL: CVE-2023-38504

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-gpw9-fwm8-7rx7

Release Date: 2023-07-27

Fix Resolution: sails - 1.5.7


CVE-2022-0235 (Medium) detected in node-fetch-2.6.5.tgz - autoclosed

CVE-2022-0235 - Medium Severity Vulnerability

Vulnerable Library - node-fetch-2.6.5.tgz

A light-weight module that brings window.fetch to node.js

Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.5.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/node-fetch/package.json

Dependency Hierarchy:

  • applicationinsights-2.1.8.tgz (Root Library)
    • core-http-2.2.1.tgz
      • node-fetch-2.6.5.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Publish Date: 2022-01-16

URL: CVE-2022-0235

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-r683-j2x4-v87g

Release Date: 2022-01-16

Fix Resolution: node-fetch - 2.6.7,3.1.1


CVE-2021-3777 (High) detected in tmpl-1.0.4.tgz - autoclosed

CVE-2021-3777 - High Severity Vulnerability

Vulnerable Library - tmpl-1.0.4.tgz

JavaScript micro templates.

Library home page: https://registry.npmjs.org/tmpl/-/tmpl-1.0.4.tgz

Path to dependency file: 77/Application/package.json

Path to vulnerable library: 77/Application/node_modules/tmpl/package.json

Dependency Hierarchy:

  • sails-disk-2.1.0.tgz (Root Library)
    • machinepack-fs-12.0.1.tgz
      • walker-1.0.7.tgz
        • makeerror-1.0.11.tgz
          • tmpl-1.0.4.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-15

URL: CVE-2021-3777

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://github.com/daaku/nodejs-tmpl/releases/tag/v1.0.5

Release Date: 2021-09-15

Fix Resolution: tmpl - 1.0.5


CVE-2023-0842 (Medium) detected in xml2js-0.4.23.tgz - autoclosed

CVE-2023-0842 - Medium Severity Vulnerability

Vulnerable Library - xml2js-0.4.23.tgz

Simple XML to JavaScript object converter.

Library home page: https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz

Path to dependency file: /Application/package.json

Path to vulnerable library: /Application/node_modules/xml2js/package.json

Dependency Hierarchy:

  • applicationinsights-2.3.6.tgz (Root Library)
    • core-http-2.3.1.tgz
      • xml2js-0.4.23.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Publish Date: 2023-04-05

URL: CVE-2023-0842

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

(JS-0049) Avoid square-bracket notation when accessing properties

Description

In JavaScript, there are two ways to access properties of an object:

  • dot-notation (object.property) (Recommended)
  • square-bracket notation (object["property"]) (Bad Practice)

The dot notation is often preferred because it is easier to read, less verbose, and works better with aggressive JavaScript minimizers.

Occurrences

There are 5 occurrences of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/LaudateCorpus1/77/issue/JS-0049/occurrences/

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Repository problems

These problems occurred while renovating this repository. View logs.

  • WARN: Fallback to renovate.json file as a preset is deprecated, please use a default.json file instead.
  • WARN: Using npm packages for Renovate presets is now deprecated. Please migrate to repository-based presets instead.

Detected dependencies

circleci
.circleci/config.yml
  • node 5.1.0
dockerfile
Application/Dockerfile
  • node 20.8.1
github-actions
.github/workflows/alibabacloud.yml
  • actions/checkout v3
  • aliyun/acr-login v1
  • aliyun/acr-scan v1
  • actions/checkout v3
  • aliyun/acr-login v1
  • aliyun/acr-scan v1
  • aliyun/ack-set-context v1
.github/workflows/anchore.yml
  • actions/checkout v3
  • anchore/scan-action 487706fd9fc531f35bd6fc1edcdbae6bb79870fa
  • github/codeql-action v2
.github/workflows/apisec-scan.yml
  • apisec-inc/apisec-run-scan eadaedebb5b8516971299b64cea226dc9d9edb6c
  • github/codeql-action v2
.github/workflows/aws.yml
  • actions/checkout v3
  • aws-actions/configure-aws-credentials v2
  • aws-actions/amazon-ecr-login v1
  • aws-actions/amazon-ecs-render-task-definition v1
  • aws-actions/amazon-ecs-deploy-task-definition v1
.github/workflows/azure-container-webapp.yml
  • actions/checkout v3
  • docker/setup-buildx-action v2
  • docker/login-action v2.2.0
  • docker/build-push-action v4
  • azure/webapps-deploy v2
.github/workflows/azure-kubernetes-service-helm.yml
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • Azure/k8s-create-secret v4.0
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • azure/k8s-bake v2.4
  • Azure/k8s-deploy v4.9
.github/workflows/azure-kubernetes-service-kompose.yml
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • Azure/k8s-create-secret v4.0
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • azure/k8s-bake v2.4
  • Azure/k8s-deploy v4.9
.github/workflows/azure-kubernetes-service-kustomize.yml
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • Azure/k8s-create-secret v4.0
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • azure/k8s-bake v2.4
  • Azure/k8s-deploy v4.9
.github/workflows/azure-kubernetes-service.yml
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • Azure/k8s-create-secret v4.0
  • actions/checkout v3
  • azure/login v1.4.7
  • azure/aks-set-context v3.2
  • Azure/k8s-deploy v4.9
.github/workflows/azure-staticwebapp.yml
  • actions/checkout v3
  • Azure/static-web-apps-deploy v1
  • Azure/static-web-apps-deploy v1
.github/workflows/azure-webapps-dotnet-core.yml
  • actions/checkout v3
  • actions/setup-dotnet v3
  • actions/cache v3
  • actions/upload-artifact v3
  • actions/download-artifact v3
  • azure/webapps-deploy v2
.github/workflows/azure-webapps-java-jar.yml
  • actions/checkout v3
  • actions/setup-java v3.11.0
  • actions/upload-artifact v3
  • actions/download-artifact v3
  • azure/webapps-deploy v2
.github/workflows/azure-webapps-node.yml
  • actions/checkout v3
  • actions/setup-node v3
  • actions/upload-artifact v3
  • actions/download-artifact v3
  • azure/webapps-deploy v2
.github/workflows/azure-webapps-php.yml
  • actions/checkout v3
  • shivammathur/setup-php 9c77701ae57b0c47f6732beebfbdec76e4e5c90a
  • andstor/file-existence-action 20b4d2e596410855db8f9ca21e96fbe18e12930b
  • actions/cache v3
  • actions/upload-artifact v3
  • actions/download-artifact v3
  • azure/webapps-deploy v2
.github/workflows/azure-webapps-python.yml
  • actions/checkout v3
  • actions/setup-python v4.6.1
  • actions/upload-artifact v3
  • actions/download-artifact v3
  • azure/webapps-deploy v2
.github/workflows/azure.yml
  • actions/checkout v3
  • actions/setup-node v3
  • azure/webapps-deploy v2
.github/workflows/brakeman.yml
  • actions/checkout v3
  • ruby/setup-ruby 250fcd6a742febb1123a77a841497ccaa8b9e939
  • github/codeql-action v2
.github/workflows/checkmarx.yml
  • actions/checkout v3
  • checkmarx-ts/checkmarx-cxflow-github-action 9c07e2adcb17d0fdf60f3184ff53720513ea3c09
  • github/codeql-action v2
.github/workflows/clj-holmes.yml
  • actions/checkout v3
  • clj-holmes/clj-holmes-action 53daa4da4ff495cccf791e4ba4222a8317ddae9e
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/clj-watson.yml
  • actions/checkout v3
  • clj-holmes/clj-watson-action b4c3623c4d603932e60e6012a3a1db7bc60058c2
  • github/codeql-action v2
.github/workflows/codacy.yml
  • actions/checkout v3
  • codacy/codacy-analysis-cli-action fde117cc9d692f9e6f9221272c7b65a2f659f064
  • github/codeql-action v2
.github/workflows/codeql.yml
  • actions/checkout v3
  • github/codeql-action v2
  • github/codeql-action v2
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/codescan.yml
  • actions/checkout v3
  • actions/cache v3
  • codescan-io/codescan-scanner-action 34bb1239ae63550b540bb82f8f5de370ecb34d99
  • github/codeql-action v2
.github/workflows/codescaner-analysis.yml
  • actions/checkout v3
  • actions/cache v3
  • github/codeql-action v2
.github/workflows/crunch42.yml
  • actions/checkout v3
  • 42Crunch/api-security-audit-action ae75e3c3693658c6bfab6e1d4650185c402fd6f9
.github/workflows/datadog-synthetics.yml
  • actions/checkout v3
  • DataDog/synthetics-ci-github-action a3ae3be10856e996d9f1f7bd188c4a449c7746c9
.github/workflows/deno.yml
  • actions/checkout v3
  • denolib/setup-deno 3c5f954c869f1b0d106e129797480905587250f5
.github/workflows/dependency-review.yml
  • actions/checkout v3
  • actions/dependency-review-action v3
  • codecov/codecov-action v3
.github/workflows/detekt.yml
  • actions/checkout v3
  • github/codeql-action v2
.github/workflows/devops-starter-workflow.yml
  • azure/login v1
  • azure/arm-deploy v1
  • azure/docker-login v1
  • azure/login v1
  • azure/arm-deploy v1
  • azure/webapps-deploy v2
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/devskim.yml
  • actions/checkout v3
  • microsoft/DevSkim-Action v1
  • github/codeql-action v2
  • codecov/codecov-action v3
  • ubuntu 20.04
.github/workflows/docker-image.yml
  • actions/checkout v3
.github/workflows/docker-publish.yml
  • actions/checkout v3
  • sigstore/cosign-installer 6e04d228eb30da1757ee4e1dd75a0ec73a653e06
  • docker/setup-buildx-action 16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a
  • docker/login-action 465a07811f14bebb1938fbed4728c6a1ff8901fc
  • docker/metadata-action ef25336f420be2d1a49205baf41a9b88712a65a1
  • docker/build-push-action 68d0dc20df34f84bca5214ce60a32e2d589dbaf2
.github/workflows/eslint.yml
  • actions/checkout v3
  • github/codeql-action v2
.github/workflows/fortify.yml
  • actions/checkout v3
  • actions/setup-java v3
  • fortify/gha-setup-scancentral-client 0dd7fb438a6ec17131fd0552b4c105f49c1ab351
  • fortify/gha-setup-fod-uploader 16e5036c084b26cee63cb0c38cfc2101cc9fd13d
  • fortify/gha-export-vulnerabilities 710c062be6afe6c5afc15adff75184760fb70493
  • github/codeql-action v2
.github/workflows/google-cloudrun-docker.yml
  • actions/checkout v3
  • google-github-actions/auth v1
  • docker/login-action v2
  • google-github-actions/deploy-cloudrun v1
.github/workflows/google-cloudrun-source.yml
  • actions/checkout v3
  • google-github-actions/auth v1
  • google-github-actions/deploy-cloudrun v1
.github/workflows/google.yml
  • actions/checkout v3
  • google-github-actions/setup-gcloud v1.1.1
  • google-github-actions/get-gke-credentials v1.0.2
.github/workflows/googleXs.yml
  • actions/checkout v3
  • google-github-actions/setup-gcloud v1.1.1
  • defensecode/thunderscan-action v1.0
  • google-github-actions/get-gke-credentials v1.0.2
.github/workflows/hadolint.yml
  • actions/checkout v3
  • hadolint/hadolint-action d292784f8f3eacda47060b259a580467b0ba410c
  • github/codeql-action v2
.github/workflows/ibm.yml
  • actions/checkout v3
.github/workflows/jekyll.yml
  • actions/checkout v3
.github/workflows/kubesec.yml
  • actions/checkout v3
  • controlplaneio/kubesec-action 43d0ddff5ffee89a6bb9f29b64cd865411137b14
  • github/codeql-action v2
  • ubuntu 20.04
.github/workflows/manual.yml
.github/workflows/mayhem-for-api.yml
  • actions/checkout v3
  • ForAllSecure/mapi-action 353b38b08ade35fe6c68053797a619834a8d225d
  • github/codeql-action v2
.github/workflows/mobsf.yml
  • actions/checkout v3
  • actions/setup-python v4
  • MobSF/mobsfscan 1a796a0729f9d1a0e1fa4fe6b156fde47f4f3185
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/neuralegion.yml
  • actions/checkout v3
  • NeuraLegion/run-scan e8a357749253841cb233872e6c1fa9f71bb308f8
  • ubuntu 18.04
.github/workflows/njsscan.yml
  • actions/checkout v3
  • ajinabraham/njsscan-action 74e5a58c1edb363b84c9ddd626b0e22f038ac09e
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/node.js.yml
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/nowsecure.yml
  • actions/checkout v3
  • nowsecure/nowsecure-action 5459f15cabd7040dee56dea24891ce4d291f25b4
  • github/codeql-action v2
.github/workflows/npm-grunt.yml
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/npm-gulp.yml
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/npm-publish-github-packages.yml
  • actions/checkout v3
  • actions/setup-node v3
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/npm-publish.yml
  • actions/checkout v3
  • actions/setup-node v3
  • actions/checkout v3
  • actions/setup-node v3
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/openshift.yml
  • actions/github-script v6
  • actions/checkout v3
  • redhat-actions/buildah-build v2
  • redhat-actions/push-to-registry v2
  • redhat-actions/openshift-tools-installer v1
  • redhat-actions/oc-login v1
  • redhat-actions/oc-new-app v1
  • ubuntu 18.04
.github/workflows/ossar-analysis.yml
  • actions/checkout v3
  • github/ossar-action v1
  • github/codeql-action v2
.github/workflows/ossar.yml
  • actions/checkout v3
  • github/ossar-action v1
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/pmd.yml
  • actions/checkout v3
  • actions/setup-java v3
  • pmd/pmd-github-action 26c0078b0f7ddbdd322f83d28cfd0eaf6985ab6c
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/powershell.yml
  • actions/checkout v3
  • microsoft/psscriptanalyzer-action 7a0da25f33985767f15f93140306528900744195
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/python-app.yml
  • actions/checkout v3
  • actions/setup-python v4
.github/workflows/rubocop.yml
  • actions/checkout v3
  • ruby/setup-ruby 250fcd6a742febb1123a77a841497ccaa8b9e939
  • github/codeql-action v2
.github/workflows/rust-clippy.yml
  • actions/checkout v3
  • actions-rs/toolchain v1@16499b5e05bf2e26879000db0c1d13f7e13fa3af
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/scorecards.yml
  • actions/checkout v3.5.3@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
  • ossf/scorecard-action v2.2.0@08b4669551908b1024bb425080c797723083c031
  • actions/upload-artifact v3.1.2@0b7f8abb1508181956e8e162db84b466c27e18ce
  • github/codeql-action v2.20.2@004c5de30b6423267685b897a3d595e944f7fed5
.github/workflows/securitycodescan.yml
  • actions/checkout v3
  • nuget/setup-nuget 296fd3ccf8528660c91106efefe2364482f86d6f
  • microsoft/setup-msbuild v1.3.1
  • security-code-scan/security-code-scan-add-action 2439fb4aaeda4ad590a7c8bde327d159d03875fd
  • security-code-scan/security-code-scan-results-action 579058214e4be88ce9eea302f1fb74df1b8bc1ed
  • github/codeql-action v2
.github/workflows/semgrep.yml
  • actions/checkout v3
  • returntocorp/semgrep-action 316a1751c53ffb6689b8726910e8204ffb591b4f
  • github/codeql-action v2
  • codecov/codecov-action v3
.github/workflows/snyk-container.yml
  • actions/checkout v3
  • snyk/actions 87b58602664ec2c1c4fd286e2dcf71f2c5a331d6
  • github/codeql-action v2
.github/workflows/snyk-infrastructure.yml
  • actions/checkout v3
  • snyk/actions 87b58602664ec2c1c4fd286e2dcf71f2c5a331d6
  • github/codeql-action v2
.github/workflows/sobelow.yml
  • actions/checkout v3
  • sobelow/action 85a7af55ecfe77cbecbae704398af72df079165e
  • github/codeql-action v2
.github/workflows/sonarcloud.yml
  • SonarSource/sonarcloud-github-action 9c0534dd12d09f22d69fbb301a1955249e49d910
.github/workflows/stackhawk.yml
  • actions/checkout v3
  • stackhawk/hawkscan-action 81fe3cc71a944ab0e47e04bd41e2b42bf2ff7a4b
  • codecov/codecov-action v3
  • ubuntu 20.04
.github/workflows/synopsys-io.yml
  • actions/checkout v3
  • synopsys-sig/intelligent-security-scan 33c8084571f0ad75fd2f370d7c8d10a021927599
  • blackducksoftware/github-action c106efe02c9ec3ba54a319d9da2c5b105a9af4fc
  • synopsys-sig/intelligent-security-scan 33c8084571f0ad75fd2f370d7c8d10a021927599
  • github/codeql-action v2
.github/workflows/sysdig-scan.yml
  • actions/checkout v3
  • sysdiglabs/scan-action 84e4cc594b1ac7eed0f42ddc0609fec175200868
  • github/codeql-action v2
.github/workflows/tencent.yml
  • actions/checkout v3
  • TencentCloud/tke-cluster-credential-action v1
.github/workflows/terraform.yml
  • actions/checkout v3
  • hashicorp/setup-terraform v2
.github/workflows/tfsec.yml
  • actions/checkout v3
  • tfsec/tfsec-sarif-action 21ded20e8ca120cd9d3d6ab04ef746477542a608
  • github/codeql-action v2
.github/workflows/trivy.yml
  • actions/checkout v3
  • aquasecurity/trivy-action 41f05d9ecffa2ed3f1580af306000f734b733e54
  • github/codeql-action v2
  • ubuntu 18.04
.github/workflows/veracode.yml
  • actions/checkout v3
  • actions/setup-java v3
  • veracode/veracode-pipeline-scan-results-to-sarif 99c541b171135ee0e29d3e5b938f74d88b0c5787
  • github/codeql-action v2
.github/workflows/webpack.yml
  • actions/checkout v3
  • actions/setup-node v3
.github/workflows/xanitizer.yml
  • actions/checkout v3
  • actions/setup-java v3
  • RIGS-IT/xanitizer-action 87d13138fb113b727cbe040c744a15a2b4fe5316
  • actions/upload-artifact v3
  • github/codeql-action v2
npm
Application/package.json
  • applicationinsights 2.7.0
  • ejs 3.1.9
  • grunt 1.6.1
  • grunt-contrib-clean 2.0.1
  • grunt-contrib-coffee 2.1.0
  • grunt-contrib-concat 2.1.0
  • grunt-contrib-copy 1.0.0
  • grunt-contrib-cssmin 5.0.0
  • grunt-contrib-jst 2.0.0
  • grunt-contrib-less 3.0.0
  • grunt-contrib-uglify 5.2.2
  • grunt-contrib-watch 1.1.0
  • grunt-sails-linker 1.0.4
  • grunt-sync 0.8.2
  • include-all 4.0.3
  • rc 1.2.8
  • sails 1.5.6
  • sails-disk 2.1.2
  • natives 1.1.6


CVE-2019-11358 (Medium) detected in jquery-1.11.1.min.js - autoclosed

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /Application/node_modules/@sailshq/nedb/browser-version/test/index.html

Path to vulnerable library: /Application/node_modules/@sailshq/nedb/browser-version/test/jquery.min.js

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

Found in HEAD commit: fefe12a162add6ddeaaa7750d2ec2b1a4bc53eff

Found in base branch: master

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

