GithubHelp home page GithubHelp logo

hernikplays / m00n Goto Github PK

View Code? Open in Web Editor NEW
1.0 1.0 1.0 6.64 MB

Discord Entertainment bot written in NodeJS

License: GNU Affero General Public License v3.0

JavaScript 100.00%
bot discord discord-bot discord-js

m00n's Introduction

This profile exists so I can contribute to projects hosted on GitHub.

All my new projects are stored on https://git.mnau.xyz.

m00n's People

Contributors

dependabot[bot] avatar gr8trbots avatar hernikplays avatar

Stargazers

avatar

Forkers

fossabot

m00n's Issues

CVE-2017-16088 High Severity Vulnerability detected by WhiteSource

CVE-2017-16088 - High Severity Vulnerability

Vulnerable Library - safe-eval-0.3.0.tgz

Safer version of eval()

path: /JustAPotato/node_modules/safe-eval/package.json

Library home page: https://registry.npmjs.org/safe-eval/-/safe-eval-0.3.0.tgz

Dependency Hierarchy:

  • safe-eval-0.3.0.tgz (Vulnerable Library)

Vulnerability Details

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

Publish Date: 2018-06-07

URL: CVE-2017-16088

CVSS 3 Score Details (10.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/337

Release Date: 2017-08-30

Fix Resolution: No direct patch for this package is available, due to restrictions inherent in the node platform. Executing untrusted user input as code is rarely safe, and the use of packages like this are always going to carry some degree of risk.

At this time, it is not recommended to use this package.

A safer solution for executing untrusted code is to run the code using OS level containerization, such as docker.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3728 Medium Severity Vulnerability detected by WhiteSource

CVE-2018-3728 - Medium Severity Vulnerability

Vulnerable Library - hoek-2.16.3.tgz

General purpose node utilities

path: /JustAPotato/node_modules/hoek/package.json

Library home page: http://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz

Dependency Hierarchy:

  • hoek-2.16.3.tgz (Vulnerable Library)

Vulnerability Details

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-03-30

URL: CVE-2018-3728

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: hapijs/hoek@623667e

Release Date: 2018-02-15

Fix Resolution: Replace or update the following files: index.js, index.js

Step up your Open Source Security Game with WhiteSource here

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource

WS-2018-0210 - Low Severity Vulnerability

Vulnerable Library - lodash-4.17.10.tgz

Lodash modular utilities.

path: /JustAPotato/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz

Dependency Hierarchy:

  • lodash-4.17.10.tgz (Vulnerable Library)

Vulnerability Details

In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25

URL: WS-2018-0210

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: lodash/lodash@90e6199

Release Date: 2018-08-31

Fix Resolution: Replace or update the following files: lodash.js, test.js

Step up your Open Source Security Game with WhiteSource here

WS-2017-0330 Low Severity Vulnerability detected by WhiteSource

WS-2017-0330 - Low Severity Vulnerability

Vulnerable Library - mime-1.3.6.tgz

A comprehensive library for mime-type mapping

path: /JustAPotato/node_modules/unirest/node_modules/mime/package.json

Library home page: https://registry.npmjs.org/mime/-/mime-1.3.6.tgz

Dependency Hierarchy:

  • mime-1.3.6.tgz (Vulnerable Library)

Vulnerability Details

Affected version of mime (1.0.0 throw 1.4.0 and 2.0.0 throw 2.0.2), are vulnerable to regular expression denial of service.

Publish Date: 2017-09-27

URL: WS-2017-0330

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

WS-2018-0076 Medium Severity Vulnerability detected by WhiteSource

WS-2018-0076 - Medium Severity Vulnerability

Vulnerable Library - tunnel-agent-0.4.3.tgz

HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.

path: /JustAPotato/node_modules/unirest/node_modules/tunnel-agent/package.json

Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz

Dependency Hierarchy:

  • tunnel-agent-0.4.3.tgz (Vulnerable Library)

Vulnerability Details

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.

This is exploitable if user supplied input is provided to the auth value and is a number.

Publish Date: 2018-04-25

URL: WS-2018-0076

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

CVE-2016-2515 High Severity Vulnerability detected by WhiteSource

CVE-2016-2515 - High Severity Vulnerability

Vulnerable Library - hawk-3.1.3.tgz

HTTP Hawk Authentication Scheme

path: /JustAPotato/node_modules/hawk/package.json

Library home page: http://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz

Dependency Hierarchy:

  • hawk-3.1.3.tgz (Vulnerable Library)

Vulnerability Details

Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression.

Publish Date: 2016-04-13

URL: CVE-2016-2515

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/77

Release Date: 2016-01-19

Fix Resolution: Update to hawk version 4.1.1 or greater.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1000620 High Severity Vulnerability detected by WhiteSource

CVE-2018-1000620 - High Severity Vulnerability

Vulnerable Library - cryptiles-2.0.5.tgz

General purpose crypto utilities

path: /JustAPotato/node_modules/cryptiles/package.json

Library home page: http://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz

Dependency Hierarchy:

  • cryptiles-2.0.5.tgz (Vulnerable Library)

Vulnerability Details

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Publish Date: 2018-07-09

URL: CVE-2018-1000620

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.