gandhimonik / dronejs

A Node.js based library for controlling a Parrot minidrone. This library also provides the feature to take pictures from the drone, download them all at a time and delete them whenever required.

License: Apache License 2.0

JavaScript 100.00%
parrot-rolling-spider nodejs noble bluetooth bluetooth-low-energy parrot parrot-mini-drone

dronejs's Issues

Drone is connecting but won't run any commands

I have used the example code to take off, go forward and then land. The log says it is connected and sending commands, but the drone doesn't seem to be running them.

See Log:

Creating observer...
scanning devices...
peripheral discovered: Travis_138173 at promixity: -46
scanning stopped...
noble warning: unknown handle 3585 disconnected!
handshake completed...
proximity updated to: -47
subscribed to characteristics...
subscribed to characteristics...
Creating observable...
Creating observable...
Drone connected successfully
Sending Command...
Sending Command...
Sending Command...

My code:

var minidrone = require('dronejs');

var navDataStream = minidrone.getNavDataStream();
minidrone.enableLogging();
navDataStream.subscribe((data) => {
        console.log(data);
    },
    err => debug(err),
    () => debug('complete'));

    

minidrone.connect('Travis_138173')
    .then(() => minidrone.checkAllStates())
    .then(() => minidrone.flatTrim())
    .then(() => minidrone.takeOff())
    .then(() => minidrone.flatTrim())
    .then(() => minidrone.forward(50, 5))
    .then(() => minidrone.flatTrim())
    .then(() => minidrone.land())
    .then()
    .catch((e) => {
        console.log('Error occurred: ' + e);
    });

Cannot read property 'name' of undefined

I get this with the Mars mini drone when executing node basic-maneuver.js

{ flatTrimChanged: {} }
{ flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' } }
../iot/minidrone/DroneJS/node_modules/rxjs/Subscriber.js:242
throw err;
^

TypeError: Cannot read property 'name' of undefined
at MiniDroneController.parseData ...iot/minidrone/DroneJS/lib/controllers/MiniDroneController.js:254:21)

WS-2021-0638 (High) detected in mocha-6.1.4.tgz

WS-2021-0638 - High Severity Vulnerability

Vulnerable Library - mocha-6.1.4.tgz

simple, flexible, fun test framework

Library home page: https://registry.npmjs.org/mocha/-/mocha-6.1.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/mocha/package.json

Dependency Hierarchy:

  • mocha-6.1.4.tgz (Vulnerable Library)

Vulnerability Details

There is a Regular Expression Denial of Service (ReDoS) vulnerability in mocha.
It allows an attacker to cause a denial of service when stripping a crafted invalid function definition from strs.

Publish Date: 2021-09-18

URL: WS-2021-0638

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2021-09-18

Fix Resolution: 10.2.0



CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91

Vulnerability Details

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Publish Date: 2019-07-26

URL: CVE-2019-10744

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-jf85-cpcp-j695

Release Date: 2019-07-26

Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0



CVE-2020-15366 (Medium) detected in ajv-6.10.0.tgz

CVE-2020-15366 - Medium Severity Vulnerability

Vulnerable Library - ajv-6.10.0.tgz

Another JSON Schema Validator

Library home page: https://registry.npmjs.org/ajv/-/ajv-6.10.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ajv/package.json

Dependency Hierarchy:

  • universal-analytics-0.4.20.tgz (Root Library)
    • request-2.88.0.tgz
      • har-validator-5.1.3.tgz
        • ajv-6.10.0.tgz (Vulnerable Library)

Vulnerability Details

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)

Publish Date: 2020-07-15

URL: CVE-2020-15366

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-07-15

Fix Resolution (ajv): 6.12.3

Direct dependency fix Resolution (universal-analytics): 0.4.21



CVE-2022-38900 (High) detected in decode-uri-component-0.2.0.tgz

CVE-2022-38900 - High Severity Vulnerability

Vulnerable Library - decode-uri-component-0.2.0.tgz

A better decodeURIComponent

Library home page: https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/decode-uri-component/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • snapdragon-0.8.2.tgz
            • source-map-resolve-0.5.2.tgz
              • decode-uri-component-0.2.0.tgz (Vulnerable Library)

Vulnerability Details

decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.

Publish Date: 2022-11-28

URL: CVE-2022-38900

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-w573-4hg7-7wgq

Release Date: 2022-11-28

Fix Resolution: decode-uri-component - 0.2.1



CVE-2017-20162 (Medium) detected in ms-0.7.1.tgz

CVE-2017-20162 - Medium Severity Vulnerability

Vulnerable Library - ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/noble/node_modules/ms/package.json

Dependency Hierarchy:

  • noble-1.9.1.tgz (Root Library)
    • debug-2.2.0.tgz
      • ms-0.7.1.tgz (Vulnerable Library)

Vulnerability Details

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.

Publish Date: 2023-01-05

URL: CVE-2017-20162

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2023-01-05

Fix Resolution: ms - 2.0.0



Error: LIBUSB_ERROR_NOT_SUPPORTED

Hey gandhimonik,

maybe you remember we wrote back on the Parrot SDK board.
I dropped my attempt. I'd like to use yours but I keep getting
this error when I try to connect. Do you have any idea why this
keeps happening?

C:\Users\usr\AppData\Roaming\npm\node_modules\dronejs>node main.js
C:\Users\usr\AppData\Roaming\npm\node_modules\dronejs\node_modules\usb\usb.js
:33
        this.__open()
             ^

Error: LIBUSB_ERROR_NOT_SUPPORTED
    at Error (native)
    at Device.usb.Device.open (C:\Users\usr\AppData\Roaming\npm\node_modules\
dronejs\node_modules\usb\usb.js:33:7)
    at BluetoothHciSocket.bindUser (C:\Users\usr\AppData\Roaming\npm\node_mod
ules\dronejs\node_modules\bluetooth-hci-socket\lib\usb.js:73:19)
    at BluetoothHciSocket.bindRaw (C:\Users\usr\AppData\Roaming\npm\node_modu
les\dronejs\node_modules\bluetooth-hci-socket\lib\usb.js:28:8)
    at Hci.init (C:\Users\usr\AppData\Roaming\npm\node_modules\dronejs\node_m
odules\noble\lib\hci-socket\hci.js:101:35)
    at NobleBindings.init (C:\Users\usr\AppData\Roaming\npm\node_modules\dron
ejs\node_modules\noble\lib\hci-socket\bindings.js:82:13)
    at new Noble (C:\Users\usr\AppData\Roaming\npm\node_modules\dronejs\node_
modules\noble\lib\noble.js:50:18)
    at Object.<anonymous> (C:\Users\usr\AppData\Roaming\npm\node_modules\dron
ejs\node_modules\noble\index.js:4:18)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)

C:\Users\usr\AppData\Roaming\npm\node_modules\dronejs>

regards moe-the-fabber

Drone not respond

Hello, the library does not work, the drone does not respond. I tried other libraries on nodejs and they worked for me, but I want to use this because it is the only one that has the possibility to download photos.

Thank you

Drone not responding

Dear Gandhimonik,

I would really like to use your code for an educational project. However, when executing some example code like:

var minidrone = require('dronejs');

var navDataStream = minidrone.getNavDataStream();
navDataStream.subscribe((data) => {
        console.log(data);
    },
    err => debug(err),
    () => debug('complete'));

minidrone.connect('RS_')
    .then(() => minidrone.flatTrim())
    .then(() => minidrone.takeOff())
    .then(() => minidrone.flatTrim())
    .then(() => minidrone.takePicture())
    .then(() => minidrone.flatTrim())
    .then(() => minidrone.land())
    .then()
    .catch((e) => {
        console.log('Error occurred: ' + e);
    });

the drone (Rolling Spider) does not give any reaction. I do not get any error messages except some noble warning, which I also get using the software of node-rolling-spider (https://github.com/voodootikigod/node-rolling-spider); however, with that software the drone does react.
Changing 'RS_' in the connect statement to the correct Bluetooth code of the drone also does not help.
I am currently using:

  • Ubuntu 16.04
  • NodeJS 6.11.0
  • npm 3.10.10

Have you any idea what I am doing wrong?

CVE-2019-10746 (High) detected in mixin-deep-1.3.1.tgz

CVE-2019-10746 - High Severity Vulnerability

Vulnerable Library - mixin-deep-1.3.1.tgz

Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.

Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/mixin-deep/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • snapdragon-0.8.2.tgz
            • base-0.11.2.tgz
              • mixin-deep-1.3.1.tgz (Vulnerable Library)

Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91

Vulnerability Details

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Publish Date: 2019-08-23

URL: CVE-2019-10746

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2019-08-23

Fix Resolution: 1.3.2,2.0.1



Airborne Swat drone does not respond after connect.

I am running node 8.8.1 and trying to use the Parrot Minidrone Airborne Night Swat drone with this library. Drone firmware is updated to the latest available (2.6.8); other nodejs libraries and the FreeFlight iPhone app work, so the drone is OK. It fails to connect even when running the examples provided with this lib.

log:

Creating observer...
scanning devices...
peripheral discovered: Swat_098861 at promixity: -73
scanning stopped...
handshake completed...
proximity updated to: -56
subscribed to characteristics...

CVE-2020-7751 (High) detected in pathval-1.1.0.tgz

CVE-2020-7751 - High Severity Vulnerability

Vulnerable Library - pathval-1.1.0.tgz

Object value retrieval given a string path

Library home page: https://registry.npmjs.org/pathval/-/pathval-1.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/pathval/package.json

Dependency Hierarchy:

  • chai-4.2.0.tgz (Root Library)
    • pathval-1.1.0.tgz (Vulnerable Library)

Vulnerability Details

pathval before version 1.1.1 is vulnerable to prototype pollution.

Publish Date: 2020-10-26

URL: CVE-2020-7751

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7751

Release Date: 2020-10-26

Fix Resolution (pathval): 1.1.1

Direct dependency fix Resolution (chai): 4.3.0


Step up your Open Source Security Game with Mend here

TypeError: Cannot read property 'name' of undefined for Mambo

This occurs with the CheckAllStates function, and pops up in some other cases also.

Here is the log of the CheckAllStates example:

Creating observer...
scanning devices...
peripheral discovered: Mambo_651045 at promixity: -45
scanning stopped...
handshake completed...
proximity updated to: -44
services found: {"uuid":"9a66fa000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fb000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fd210800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fd510800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fe000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null}
characteristics found: {"uuid":"9a66fd220800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd230800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd240800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write"]}
characteristics found: {"uuid":"9a66fd520800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd530800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd540800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write"]}
characteristics found: {"uuid":"9a66fe010800919111e4012d1540cb8e","name":null,"type":null,"properties":["writeWithoutResponse","write"]},{"uuid":"9a66fe020800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]}
subscribed to characteristics...
subscribed to characteristics...
Creating observable...
Creating observable...
Drone connected successfully
Sending Command...
[ '2',
'1',
'0',
'18',
'2',
'0',
'52',
'46',
'48',
'46',
'48',
'46',
'52',
'0' ]
Navdata: { deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' } }
{ deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' } }
[ '2', '2', '0', '5', '1', '0', '61' ]
Navdata: { deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 } }
{ deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 } }
[ '2', '3', '0', '30', '0', '0', '0' ]
Navdata: { deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' } }
{ deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' } }
[ '2',
'4',
'0',
'5',
'11',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0',
'0' ]
Navdata: { deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' },
deprecatedMassStorageContentChanged:
{ mass_storage_id: 0,
nbPhotos: 0,
nbVideos: 0,
nbPuds: 0,
nbCrashLogs: 0 } }
{ deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' },
deprecatedMassStorageContentChanged:
{ mass_storage_id: 0,
nbPhotos: 0,
nbVideos: 0,
nbPuds: 0,
nbCrashLogs: 0 } }
[ '2', '5', '2', '3', '1', '0', '0', '0', '0', '0' ]
Navdata: { deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' },
deprecatedMassStorageContentChanged:
{ mass_storage_id: 0,
nbPhotos: 0,
nbVideos: 0,
nbPuds: 0,
nbCrashLogs: 0 },
flyingStateChanged: { state: 'landed' } }
{ deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' },
deprecatedMassStorageContentChanged:
{ mass_storage_id: 0,
nbPhotos: 0,
nbVideos: 0,
nbPuds: 0,
nbCrashLogs: 0 },
flyingStateChanged: { state: 'landed' } }
[ '2',
'6',
'0',
'29',
'3',
'0',
'5',
'0',
'0',
'0',
'1',
'0',
'0',
'0',
'5',
'65' ]
Navdata: { deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' },
deprecatedMassStorageContentChanged:
{ mass_storage_id: 0,
nbPhotos: 0,
nbVideos: 0,
nbPuds: 0,
nbCrashLogs: 0 },
flyingStateChanged: { state: 'landed' },
chargingInfo:
{ phase: 'DISCHARGING',
rate: 'SLOW',
intensity: 5,
fullChargingTime: 65 } }
{ deviceLibARCommandsVersion: { version: '4.0.0.4\u0000' },
batteryStateChanged: { percent: 61 },
runIdChanged: { runId: '\u0000' },
deprecatedMassStorageContentChanged:
{ mass_storage_id: 0,
nbPhotos: 0,
nbVideos: 0,
nbPuds: 0,
nbCrashLogs: 0 },
flyingStateChanged: { state: 'landed' },
chargingInfo:
{ phase: 'DISCHARGING',
rate: 'SLOW',
intensity: 5,
fullChargingTime: 65 } }
[ '2', '7', '2', '25', '0', '0', '0' ]
observable disposed
/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/Subscriber.js:243
throw err;
^

TypeError: Cannot read property 'name' of undefined
at MiniDroneController.parseData (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/dronejs/lib/controllers/MiniDroneController.js:271:21)
at SafeSubscriber._next (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/dronejs/lib/controllers/MiniDroneController.js:183:34)
at SafeSubscriber.__tryOrUnsub (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/Subscriber.js:239:16)
at SafeSubscriber.next (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/Subscriber.js:186:22)
at Subscriber._next (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/Subscriber.js:126:26)
at Subscriber.next (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/Subscriber.js:90:18)
at DistinctUntilChangedSubscriber._next (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/operators/distinctUntilChanged.js:103:30)
at DistinctUntilChangedSubscriber.Subscriber.next (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/rxjs/Subscriber.js:90:18)
at Characteristic.<anonymous> (/Users/hadfield/Local/vital-git/haley-parrot-drone/node_modules/dronejs/lib/services/MiniDroneService.js:238:34)
at Characteristic.emit (events.js:160:13)

CVE-2017-16137 (Medium) detected in debug-2.2.0.tgz

CVE-2017-16137 - Medium Severity Vulnerability

Vulnerable Library - debug-2.2.0.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/noble/node_modules/debug/package.json

Dependency Hierarchy:

  • noble-1.9.1.tgz (Root Library)
    • debug-2.2.0.tgz (Vulnerable Library)

Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91

Vulnerability Details

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Publish Date: 2018-06-07

URL: CVE-2017-16137

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16137

Release Date: 2018-06-07

Fix Resolution: 2.6.9



WS-2019-0019 (Medium) detected in braces-1.8.5.tgz - autoclosed

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /tmp/ws-scm/DroneJS/package.json

Path to vulnerable library: /tmp/ws-scm/DroneJS/node_modules/micromatch/node_modules/braces/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • anymatch-1.3.2.tgz
        • micromatch-2.3.11.tgz
          • braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91

Vulnerability Details

Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1


Step up your Open Source Security Game with WhiteSource here

CVE-2021-35065 (High) detected in glob-parent-2.0.0.tgz - autoclosed

CVE-2021-35065 - High Severity Vulnerability

Vulnerable Library - glob-parent-2.0.0.tgz

Strips glob magic from a string to provide the parent path

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • glob-parent-2.0.0.tgz (Vulnerable Library)

Vulnerability Details

The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-cj88-88mr-972w

Release Date: 2021-06-22

Fix Resolution: glob-parent - 6.0.1



CVE-2020-28469 (High) detected in glob-parent-2.0.0.tgz

CVE-2020-28469 - High Severity Vulnerability

Vulnerable Library - glob-parent-2.0.0.tgz

Strips glob magic from a string to provide the parent path

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • glob-parent-2.0.0.tgz (Vulnerable Library)

Vulnerability Details

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

Publish Date: 2021-06-03

URL: CVE-2020-28469

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469

Release Date: 2021-06-03

Fix Resolution: glob-parent - 5.1.2



WS-2017-0247 (Low) detected in ms-0.7.1.tgz - autoclosed

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Library - ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: DroneJS/package.json

Path to vulnerable library: DroneJS/node_modules/noble/node_modules/ms/package.json

Dependency Hierarchy:

  • noble-1.9.1.tgz (Root Library)
    • debug-2.2.0.tgz
      • ms-0.7.1.tgz (Vulnerable Library)

Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-04-12

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: vercel/ms#89

Release Date: 2017-04-12

Fix Resolution: 2.1.1



CVE-2019-10747 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz

CVE-2019-10747 - High Severity Vulnerability

Vulnerable Libraries - set-value-2.0.0.tgz, set-value-0.4.3.tgz

set-value-2.0.0.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/set-value/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • snapdragon-0.8.2.tgz
            • base-0.11.2.tgz
              • cache-base-1.0.1.tgz
                • set-value-2.0.0.tgz (Vulnerable Library)

set-value-0.4.3.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/union-value/node_modules/set-value/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • snapdragon-0.8.2.tgz
            • base-0.11.2.tgz
              • cache-base-1.0.1.tgz
                • union-value-1.0.0.tgz
                  • set-value-0.4.3.tgz (Vulnerable Library)

Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91

Vulnerability Details

set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.

Publish Date: 2019-08-23

URL: CVE-2019-10747

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2019-10-29

Fix Resolution: 2.0.1,3.0.1



CVE-2019-20149 (High) detected in kind-of-6.0.2.tgz

CVE-2019-20149 - High Severity Vulnerability

Vulnerable Library - kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/readdirp/node_modules/kind-of/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • kind-of-6.0.2.tgz (Vulnerable Library)

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20149

Release Date: 2019-12-30

Fix Resolution: 6.0.3



Download Picture not working

Hello, downloading a picture is not working.

I am using the Mars minidrone.

Log below:

node download-picture.js
scanning devices...
peripheral discovered: Mars_101547 at promixity: 86
scanning stopped...
handshake completed...
proximity updated to: -39
services found: {"uuid":"9a66fa000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fb000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fd210800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fd510800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fe000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null}
characteristics found: {"uuid":"9a66fd220800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd230800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd240800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write"]}
characteristics found: {"uuid":"9a66fd520800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd530800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]},{"uuid":"9a66fd540800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write"]}
characteristics found: {"uuid":"9a66fe010800919111e4012d1540cb8e","name":null,"type":null,"properties":["writeWithoutResponse","write"]},{"uuid":"9a66fe020800919111e4012d1540cb8e","name":null,"type":null,"properties":["read","writeWithoutResponse","write","notify"]}
subscribed to characteristics...
subscribed to characteristics...
Creating observable...
Creating observable...
Drone connected successfully
Sending FTP Command...

CVE-2020-28500 (Medium) detected in lodash-4.17.11.tgz

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500

Release Date: 2021-02-15

Fix Resolution: lodash - 4.17.21


Step up your Open Source Security Game with Mend here

Support for all minidrone functions

Hey Gandhi,

I wondered if you could add the other drone functions, like picture taking and claw and tool actions of the Mambo Parrot.

Regards

CVE-2022-3517 (High) detected in minimatch-3.0.4.tgz

CVE-2022-3517 - High Severity Vulnerability

Vulnerable Library - minimatch-3.0.4.tgz

a glob matcher in javascript

Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • fsevents-1.2.9.tgz
        • node-pre-gyp-0.12.0.tgz
          • rimraf-2.6.3.tgz
            • glob-7.1.3.tgz
              • minimatch-3.0.4.tgz (Vulnerable Library)

Vulnerability Details

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Publish Date: 2022-10-17

URL: CVE-2022-3517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-10-17

Fix Resolution: minimatch - 3.0.5



Mars Drone Does not land

Hello, basic-maneuver.js does not work with Mars ... the drone takes off but does not land.

node basic-maneuver.js
Creating observer...
scanning devices...
peripheral discovered: Mars_101547 at promixity: 85
scanning stopped...
handshake completed...
proximity updated to: -42
services found: {"uuid":"9a66fa000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fb000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fd210800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fd510800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null},{"uuid":"9a66fe000800919111e4012d1540cb8e","name":null,"type":null,"includedServiceUuids":null}
subscribed to characteristics...
subscribed to characteristics...
Creating observable...
Creating observable...
Drone connected successfully
Sending Command...
[ '4', '1', '2', '3', '0', '0' ]
Navdata: { flatTrimChanged: {} }
{ flatTrimChanged: {} }
Sending Command...
[ '4', '2', '2', '3', '1', '0', '1', '0', '0', '0' ]
Navdata: { flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' } }
{ flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' } }
[ '4', '3', '0', '30', '0', '0', '53', '65', '66', '56', '70', '56', '0' ]
Navdata: { flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '5AB8F8\u0000' } }
{ flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '5AB8F8\u0000' } }
[ '2', '1', '0', '5', '1', '0', '66' ]
Navdata: { flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '5AB8F8\u0000' },
batteryStateChanged: { percent: 66 } }
{ flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '5AB8F8\u0000' },
batteryStateChanged: { percent: 66 } }
[ '4', '3', '0', '30', '0', '0', '53', '65', '66', '56', '70', '56', '0' ]
Navdata: { flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '5AB8F8\u0000' },
batteryStateChanged: { percent: 66 } }
{ flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '5AB8F8\u0000' },
batteryStateChanged: { percent: 66 } }
^C

CVE-2020-8203 (High) detected in lodash-4.17.11.tgz

CVE-2020-8203 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1523

Release Date: 2020-07-15

Fix Resolution: lodash - 4.17.19



CVE-2021-23337 (High) detected in lodash-4.17.11.tgz

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Vulnerability Details

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2021-02-15

Fix Resolution: lodash - 4.17.21



"name" exception of undefined in category "13" and "18"

Hi.

I have upgraded the drone to a new one (MAMBO), and after takeoff Node.js throws an exception on a field "name" of an undefined variable... Reviewing the code, it is in the rxjs subscriber module.

observable disposed
/home/pi/node_modules/rxjs/Subscriber.js:250
throw err;
^

TypeError: Cannot read property 'name' of undefined
at MiniDroneController.parseData _(/home/pi/node_modules/dronejs/lib/controllers/MiniDroneController.js:287:21)
at SafeSubscriber.next (/home/pi/node_modules/dronejs/lib/controllers/MiniDroneController.js:192:32)
at SafeSubscriber.__tryOrUnsub (/home/pi/node_modules/rxjs/Subscriber.js:246:16)
at SafeSubscriber.next (/home/pi/node_modules/rxjs/Subscriber.js:193:22)
at Subscriber._next (/home/pi/node_modules/rxjs/Subscriber.js:133:26)
at Subscriber.next (/home/pi/node_modules/rxjs/Subscriber.js:97:18)
at DistinctUntilChangedSubscriber._next (/home/pi/node_modules/rxjs/operators/distinctUntilChanged.js:103:30)
at DistinctUntilChangedSubscriber.Subscriber.next (/home/pi/node_modules/rxjs/Subscriber.js:97:18)
at Characteristic. (/home/pi/node_modules/dronejs/lib/services/MiniDroneService.js:250:34)
at emitTwo (events.js:126:13)

minidronecontroller.js line 287 is this piece of code:

categoryName = cmds.project.categories.filter(function (category) {
    (0, _debug.debug)('PARSE OBJECT::: category ' + categoryId);
    return category.id === categoryId;
}).pop().name;

Any ideas why this object is undefined??

More debug lines:

OBJECT PARSED::: { name: 'runIdChanged',
args: [ { name: 'runId', value: '19DFCF\u0000' } ] }
Navdata: { flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '19DFCF\u0000' } }
{ flatTrimChanged: {},
flyingStateChanged: { state: 'takingoff' },
runIdChanged: { runId: '19DFCF\u0000' } }
PARSE OBJECT::: 2,1,2,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
PARSE OBJECT::: category 18
observable disposed
/home/pi/node_modules/rxjs/Subscriber.js:250
throw err;
^

Regards!
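
An added example, not dronejs code: the `filter(...).pop().name` lookup from the snippet above next to a variant that treats an unlisted category id from the peripheral as a skippable result instead of an exception. The command table is constructed for this example, the byte layout is an assumption inferred from the logged frames, and `parseFragile`, `parseRobust` and `decodeStream` are hypothetical names.

```javascript
'use strict';

// Constructed command table: only the entries needed to decode the frames
// quoted in the issues on this page. It is not the library's definition file.
const PROJECTS = [
  { id: 0, name: 'common', categories: [
    { id: 5, name: 'CommonState', commands: [{ id: 1, name: 'batteryStateChanged' }] },
  ] },
  { id: 2, name: 'minidrone', categories: [
    { id: 3, name: 'PilotingState', commands: [
      { id: 0, name: 'flatTrimChanged' },
      { id: 1, name: 'flyingStateChanged' },
    ] },
  ] },
];

// Assumed frame layout, inferred from the logged frames:
// [dataType, sequence, projectId, categoryId, commandId low, commandId high, ...args]
const HEADER_LENGTH = 6;

// The logs print frames as arrays of decimal strings; numbers are accepted too.
function toBytes(frame) {
  if (!Array.isArray(frame)) return null;
  const bytes = frame.map((v) => (typeof v === 'string' && /^\d{1,3}$/.test(v) ? Number(v) : v));
  return bytes.every((b) => Number.isInteger(b) && b >= 0 && b <= 255) ? bytes : null;
}

// Same lookup shape as the snippet in the issue. pop() on an empty array
// returns undefined, so a category id missing from the table throws.
function parseFragile(frame) {
  const bytes = frame.map(Number);
  const project = PROJECTS.filter((p) => p.id === bytes[2]).pop();
  const categoryName = project.categories.filter((c) => c.id === bytes[3]).pop().name;
  return { project: project.name, category: categoryName };
}

// Hardened lookup: every step can fail, and failure is a value, not an exception.
function parseRobust(frame) {
  const bytes = toBytes(frame);
  if (bytes === null) return { ok: false, reason: 'bad-byte' };
  if (bytes.length < HEADER_LENGTH) return { ok: false, reason: 'short-frame' };
  const [, , projectId, categoryId, lo, hi] = bytes;
  const ids = { projectId, categoryId, commandId: lo | (hi << 8) };
  const project = PROJECTS.find((p) => p.id === projectId);
  if (!project) return { ok: false, reason: 'unknown-project', ...ids };
  const category = project.categories.find((c) => c.id === categoryId);
  if (!category) return { ok: false, reason: 'unknown-category', ...ids };
  const command = category.commands.find((c) => c.id === ids.commandId);
  if (!command) return { ok: false, reason: 'unknown-command', ...ids };
  return {
    ok: true,
    project: project.name,
    category: category.name,
    command: command.name,
    args: bytes.slice(HEADER_LENGTH),
  };
}

// Run a notification stream through the hardened parser and keep going on
// frames it cannot name, so one unlisted id does not end the subscription.
function decodeStream(frames) {
  const decoded = [];
  const skipped = [];
  for (const frame of frames) {
    const result = parseRobust(frame);
    (result.ok ? decoded : skipped).push(result);
  }
  return { decoded, skipped };
}

// Frames copied from the logs on this page, as decimal strings.
const CATEGORY_18_FRAME = '2,1,2,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0'.split(',');
const LOGGED_FRAMES = [
  ['4', '2', '2', '3', '1', '0', '1', '0', '0', '0'],
  CATEGORY_18_FRAME,
  ['2', '1', '0', '5', '1', '0', '66'],
];
```

Logging the skipped entries with their ids gives the maintainer the list of categories the table is missing without taking the process down mid-flight.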

CVE-2021-23440 (High) detected in set-value-2.0.0.tgz, set-value-0.4.3.tgz

CVE-2021-23440 - High Severity Vulnerability

Vulnerable Libraries - set-value-2.0.0.tgz, set-value-0.4.3.tgz

set-value-2.0.0.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/set-value/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • snapdragon-0.8.2.tgz
            • base-0.11.2.tgz
              • cache-base-1.0.1.tgz
                • set-value-2.0.0.tgz (Vulnerable Library)

set-value-0.4.3.tgz

Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.

Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/union-value/node_modules/set-value/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • chokidar-1.7.0.tgz
      • readdirp-2.2.1.tgz
        • micromatch-3.1.10.tgz
          • snapdragon-0.8.2.tgz
            • base-0.11.2.tgz
              • cache-base-1.0.1.tgz
                • union-value-1.0.0.tgz
                  • set-value-0.4.3.tgz (Vulnerable Library)

Vulnerability Details

This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
Mend Note: After conducting further research, Mend has determined that all versions of set-value up to version 4.0.0 are vulnerable to CVE-2021-23440.

Publish Date: 2021-09-12

URL: CVE-2021-23440

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2021-09-12

Fix Resolution: set-value - 4.0.1



CVE-2023-28155 (Medium) detected in request-2.88.0.tgz

CVE-2023-28155 - Medium Severity Vulnerability

Vulnerable Library - request-2.88.0.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

  • universal-analytics-0.4.20.tgz (Root Library)
    • request-2.88.0.tgz (Vulnerable Library)

Vulnerability Details

** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2023-03-16

URL: CVE-2023-28155

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2020-7608 (Medium) detected in yargs-parser-13.0.0.tgz, yargs-parser-11.1.1.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-13.0.0.tgz, yargs-parser-11.1.1.tgz

yargs-parser-13.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • mocha-6.1.4.tgz (Root Library)
    • yargs-parser-13.0.0.tgz (Vulnerable Library)

yargs-parser-11.1.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/yargs-unparser/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • mocha-6.1.4.tgz (Root Library)
    • yargs-unparser-1.5.0.tgz
      • yargs-12.0.5.tgz
        • yargs-parser-11.1.1.tgz (Vulnerable Library)

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-03-16

Fix Resolution (yargs-parser): 13.1.2

Direct dependency fix Resolution (mocha): 6.2.3


CVE-2022-46175 (High) detected in json5-0.5.1.tgz

CVE-2022-46175 - High Severity Vulnerability

Vulnerable Library - json5-0.5.1.tgz

JSON for the ES5 era.

Library home page: https://registry.npmjs.org/json5/-/json5-0.5.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json5/package.json

Dependency Hierarchy:

  • babel-cli-6.26.0.tgz (Root Library)
    • babel-core-6.26.3.tgz
      • json5-0.5.1.tgz (Vulnerable Library)

Vulnerability Details

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse should restrict parsing of __proto__ keys when parsing JSON strings to objects. As a point of reference, the JSON.parse method included in JavaScript ignores __proto__ keys. Simply changing JSON5.parse to JSON.parse in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.

Publish Date: 2022-12-24

URL: CVE-2022-46175

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175

Release Date: 2022-12-24

Fix Resolution: json5 - 2.2.2


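
An added example, not taken from json5 or from the report above: the per-object prototype replacement the description attributes to the affected parse method, reproduced with a plain assignment loop, next to a builder that defines own properties and next to `JSON.parse`. The input and all function names are constructed for this illustration.

```javascript
'use strict';

// Constructed input: the same document as text and as the key/value pairs a
// hand-written parser would hold after tokenizing it.
const TEXT = '{"user": "alice", "__proto__": {"isAdmin": true}}';
const PAIRS = [['user', 'alice'], ['__proto__', { isAdmin: true }]];

// Weak: plain assignment. For the key "__proto__" this runs the inherited
// accessor and swaps the result's prototype instead of storing a property.
function buildWeak(pairs) {
  const out = {};
  for (const [key, value] of pairs) out[key] = value;
  return out;
}

// Hardened: always define an own data property, whatever the key is called.
function buildHardened(pairs) {
  const out = {};
  for (const [key, value] of pairs) {
    Object.defineProperty(out, key, {
      value, writable: true, enumerable: true, configurable: true,
    });
  }
  return out;
}

// Check a consumer can run on a parsed object before trusting its lookups.
function prototypeReplaced(obj) {
  return Object.getPrototypeOf(obj) !== Object.prototype;
}

// The same authorization test written two ways: one follows the prototype
// chain, the other only accepts a property the object itself carries.
function isAdminInherited(obj) {
  return obj.isAdmin === true;
}
function isAdminOwn(obj) {
  return Object.prototype.hasOwnProperty.call(obj, 'isAdmin') && obj.isAdmin === true;
}

// Build the object three ways and record what each consumer check would see.
function compare() {
  const candidates = [
    ['weak', buildWeak(PAIRS)],
    ['hardened', buildHardened(PAIRS)],
    ['jsonParse', JSON.parse(TEXT)], // stores "__proto__" as an ordinary own key
  ];
  const rows = {};
  for (const [label, obj] of candidates) {
    rows[label] = {
      prototypeReplaced: prototypeReplaced(obj),
      ownKeys: Object.keys(obj),
      inheritedCheck: isAdminInherited(obj),
      ownCheck: isAdminOwn(obj),
    };
  }
  // Only the returned object is affected; fresh objects stay clean.
  rows.globalPolluted = ({}).isAdmin !== undefined;
  return rows;
}
```

Only the weak builder lets the inherited check pass, which is why both the parser fix (own properties) and own-property checks in consumers are worth having.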

CVE-2020-7598 (Medium) detected in minimist-0.0.8.tgz, minimist-1.2.0.tgz

CVE-2020-7598 - Medium Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

  • babel-register-6.26.0.tgz (Root Library)
    • mkdirp-0.5.1.tgz
      • minimist-0.0.8.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Dependency Hierarchy:

  • noble-1.9.1.tgz (Root Library)
    • bluetooth-hci-socket-0.5.1.tgz
      • usb-1.5.0.tgz
        • node-pre-gyp-0.11.0.tgz
          • rc-1.2.8.tgz
            • minimist-1.2.0.tgz (Vulnerable Library)

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.3



CVE-2020-36632 (High) detected in flat-4.1.0.tgz

CVE-2020-36632 - High Severity Vulnerability

Vulnerable Library - flat-4.1.0.tgz

Take a nested Javascript object and flatten it, or unflatten an object with delimited keys

Library home page: https://registry.npmjs.org/flat/-/flat-4.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/flat/package.json

Dependency Hierarchy:

  • mocha-6.1.4.tgz (Root Library)
    • yargs-unparser-1.5.0.tgz
      • flat-4.1.0.tgz (Vulnerable Library)

Vulnerability Details

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 is able to address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability.

Publish Date: 2022-12-25

URL: CVE-2020-36632

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-2j2x-2gpw-g8fm

Release Date: 2022-12-25

Fix Resolution (flat): 4.1.1

Direct dependency fix Resolution (mocha): 6.2.0



CVE-2021-44906 (High) detected in minimist-0.0.8.tgz, minimist-1.2.0.tgz

CVE-2021-44906 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

  • babel-register-6.26.0.tgz (Root Library)
    • mkdirp-0.5.1.tgz
      • minimist-0.0.8.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Dependency Hierarchy:

  • noble-1.9.1.tgz (Root Library)
    • bluetooth-hci-socket-0.5.1.tgz
      • usb-1.5.0.tgz
        • node-pre-gyp-0.11.0.tgz
          • rc-1.2.8.tgz
            • minimist-1.2.0.tgz (Vulnerable Library)

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-03-17

Fix Resolution: minimist - 1.2.6



CVE-2017-20165 (High) detected in debug-2.2.0.tgz

CVE-2017-20165 - High Severity Vulnerability

Vulnerable Library - debug-2.2.0.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/noble/node_modules/debug/package.json

Dependency Hierarchy:

  • noble-1.9.1.tgz (Root Library)
    • debug-2.2.0.tgz (Vulnerable Library)

Vulnerability Details

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.

Publish Date: 2023-01-09

URL: CVE-2017-20165

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-9vvw-cc9w-f27h

Release Date: 2023-01-09

Fix Resolution: debug - 2.6.9,3.1.0


