followers-app's People
followers-app's Issues
CVE-2018-19826 (Medium) detected in node-sass-v4.12.0
CVE-2018-19826 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.
Publish Date: 2018-12-03
URL: CVE-2018-19826
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
WS-2019-0017 (Medium) detected in clean-css-4.1.9.tgz
WS-2019-0017 - Medium Severity Vulnerability
Vulnerable Library - clean-css-4.1.9.tgz
A well-tested CSS minifier
Library home page: https://registry.npmjs.org/clean-css/-/clean-css-4.1.9.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/clean-css/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- html-webpack-plugin-2.30.1.tgz
- html-minifier-3.5.9.tgz
- โ clean-css-4.1.9.tgz (Vulnerable Library)
- html-minifier-3.5.9.tgz
- html-webpack-plugin-2.30.1.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Publish Date: 2019-02-21
URL: WS-2019-0017
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/785
Release Date: 2019-02-21
Fix Resolution: v4.1.11
Step up your Open Source Security Game with WhiteSource here
WS-2019-0064 (High) detected in handlebars-4.0.11.tgz
WS-2019-0064 - High Severity Vulnerability
Vulnerable Library - handlebars-4.0.11.tgz
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.11.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/handlebars/package.json
Dependency Hierarchy:
- karma-coverage-istanbul-reporter-1.4.1.tgz (Root Library)
- istanbul-api-1.2.2.tgz
- istanbul-reports-1.1.4.tgz
- โ handlebars-4.0.11.tgz (Vulnerable Library)
- istanbul-reports-1.1.4.tgz
- istanbul-api-1.2.2.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
Publish Date: 2019-04-30
URL: WS-2019-0064
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/755/versions
Release Date: 2019-04-30
Fix Resolution: 1.0.6-2,4.0.14,4.1.2
Step up your Open Source Security Game with WhiteSource here
CVE-2018-20821 (Medium) detected in node-sass-v4.12.0
CVE-2018-20821 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
WS-2018-0021 (Medium) detected in bootstrap-3.3.7.tgz
WS-2018-0021 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-3.3.7.tgz
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json
Dependency Hierarchy:
- โ bootstrap-3.3.7.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
XSS in data-target in bootstrap (3.3.7 and before)
Publish Date: 2017-06-27
URL: WS-2018-0021
Suggested Fix
Type: Change files
Origin: twbs/bootstrap@d9be1da
Release Date: 2017-08-25
Fix Resolution: Replace or update the following files: alert.js, carousel.js, collapse.js, dropdown.js, modal.js
Step up your Open Source Security Game with WhiteSource here
CVE-2018-16487 (High) detected in lodash-4.17.5.tgz, lodash-3.10.1.tgz
CVE-2018-16487 - High Severity Vulnerability
Vulnerable Libraries - lodash-4.17.5.tgz, lodash-3.10.1.tgz
lodash-4.17.5.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/lodash/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- โ lodash-4.17.5.tgz (Vulnerable Library)
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/karma/node_modules/lodash/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- โ lodash-3.10.1.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
Step up your Open Source Security Game with WhiteSource here
CVE-2018-3739 (High) detected in https-proxy-agent-1.0.0.tgz
CVE-2018-3739 - High Severity Vulnerability
Vulnerable Library - https-proxy-agent-1.0.0.tgz
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/https-proxy-agent/package.json
Dependency Hierarchy:
- protractor-5.1.2.tgz (Root Library)
- saucelabs-1.3.0.tgz
- โ https-proxy-agent-1.0.0.tgz (Vulnerable Library)
- saucelabs-1.3.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Publish Date: 2018-06-07
URL: CVE-2018-3739
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3739
Release Date: 2018-06-07
Fix Resolution: 2.1.1
Step up your Open Source Security Game with WhiteSource here
CVE-2017-15010 (High) detected in tough-cookie-2.3.2.tgz
CVE-2017-15010 - High Severity Vulnerability
Vulnerable Library - tough-cookie-2.3.2.tgz
RFC6265 Cookies and Cookie Jar for node.js
Library home page: https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.2.tgz
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- request-2.81.0.tgz
- โ tough-cookie-2.3.2.tgz (Vulnerable Library)
- request-2.81.0.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Publish Date: 2017-10-04
URL: CVE-2017-15010
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-15010
Release Date: 2017-10-04
Fix Resolution: 2.3.3
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11696 (High) detected in node-sass-v4.12.0
CVE-2018-11696 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11696
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-19838 (Medium) detected in node-sass-v4.12.0
CVE-2018-19838 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838
Fix Resolution: 3.5.5
Step up your Open Source Security Game with WhiteSource here
CVE-2018-19839 (Medium) detected in openalpr-v2.3.0
CVE-2018-19839 - Medium Severity Vulnerability
Vulnerable Library - openalprv2.3.0
Automatic License Plate Recognition library
Library home page: https://github.com/openalpr/openalpr.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (3)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/utf8/core.h
- /followers-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
- /followers-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
Vulnerability Details
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Fix Resolution: 3.5.5
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11695 (High) detected in node-sass-v4.12.0
CVE-2018-11695 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz
WS-2018-0103 - Medium Severity Vulnerability
Vulnerable Library - stringstream-0.0.5.tgz
Encode and decode streams into string streams
Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/stringstream/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- request-2.81.0.tgz
- โ stringstream-0.0.5.tgz (Vulnerable Library)
- request-2.81.0.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Publish Date: 2018-05-16
URL: WS-2018-0103
Step up your Open Source Security Game with WhiteSource here
CVE-2018-13797 (High) detected in macaddress-0.2.8.tgz
CVE-2018-13797 - High Severity Vulnerability
Vulnerable Library - macaddress-0.2.8.tgz
Get the MAC addresses (hardware addresses) of the hosts network interfaces.
Library home page: https://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/macaddress/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- cssnano-3.10.0.tgz
- postcss-filter-plugins-2.0.2.tgz
- uniqid-4.1.1.tgz
- โ macaddress-0.2.8.tgz (Vulnerable Library)
- uniqid-4.1.1.tgz
- postcss-filter-plugins-2.0.2.tgz
- cssnano-3.10.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Publish Date: 2018-07-10
URL: CVE-2018-13797
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-13797
Release Date: 2018-07-10
Fix Resolution: 0.2.9
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11694 (High) detected in node-sass-v4.12.0
CVE-2018-11694 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz
WS-2018-0072 - High Severity Vulnerability
Vulnerable Library - https-proxy-agent-1.0.0.tgz
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/https-proxy-agent/package.json
Dependency Hierarchy:
- protractor-5.1.2.tgz (Root Library)
- saucelabs-1.3.0.tgz
- โ https-proxy-agent-1.0.0.tgz (Vulnerable Library)
- saucelabs-1.3.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
Publish Date: 2018-04-25
URL: WS-2018-0072
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/593
Release Date: 2018-01-27
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here
CVE-2018-14041 (Medium) detected in bootstrap-3.3.7.tgz
CVE-2018-14041 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-3.3.7.tgz
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json
Dependency Hierarchy:
- โ bootstrap-3.3.7.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
Publish Date: 2018-07-13
URL: CVE-2018-14041
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Change files
Origin: twbs/bootstrap@3229efc
Release Date: 2018-05-30
Fix Resolution: Replace or update the following file: scrollspy.js
Step up your Open Source Security Game with WhiteSource here
WS-2018-0113 (High) detected in macaddress-0.2.8.tgz
WS-2018-0113 - High Severity Vulnerability
Vulnerable Library - macaddress-0.2.8.tgz
Get the MAC addresses (hardware addresses) of the hosts network interfaces.
Library home page: https://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/macaddress/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- cssnano-3.10.0.tgz
- postcss-filter-plugins-2.0.2.tgz
- uniqid-4.1.1.tgz
- โ macaddress-0.2.8.tgz (Vulnerable Library)
- uniqid-4.1.1.tgz
- postcss-filter-plugins-2.0.2.tgz
- cssnano-3.10.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Publish Date: 2018-05-16
URL: WS-2018-0113
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/654
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is provided.
Step up your Open Source Security Game with WhiteSource here
WS-2019-0032 (Medium) detected in js-yaml-3.7.0.tgz
WS-2019-0032 - Medium Severity Vulnerability
Vulnerable Library - js-yaml-3.7.0.tgz
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/js-yaml/package.json
Dependency Hierarchy:
- karma-coverage-istanbul-reporter-1.4.1.tgz (Root Library)
- istanbul-api-1.2.2.tgz
- โ js-yaml-3.7.0.tgz (Vulnerable Library)
- istanbul-api-1.2.2.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Publish Date: 2019-03-26
URL: WS-2019-0032
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/788/versions
Release Date: 2019-03-26
Fix Resolution: 3.13.0
Step up your Open Source Security Game with WhiteSource here
WS-2019-0047 (Medium) detected in tar-2.2.1.tgz
WS-2019-0047 - Medium Severity Vulnerability
Vulnerable Library - tar-2.2.1.tgz
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/tar/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- โ tar-2.2.1.tgz (Vulnerable Library)
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.
Publish Date: 2019-04-05
URL: WS-2019-0047
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/803
Release Date: 2019-04-05
Fix Resolution: 4.4.2
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11697 (High) detected in node-sass-v4.12.0
CVE-2018-11697 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11499 (High) detected in node-sass-v4.12.0
CVE-2018-11499 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-3728 (High) detected in hoek-2.16.3.tgz
CVE-2018-3728 - High Severity Vulnerability
Vulnerable Library - hoek-2.16.3.tgz
General purpose node utilities
Library home page: https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/hoek/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- hawk-3.1.3.tgz
- sntp-1.0.9.tgz
- โ hoek-2.16.3.tgz (Vulnerable Library)
- sntp-1.0.9.tgz
- hawk-3.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-03-30
URL: CVE-2018-3728
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Change files
Origin: hapijs/hoek@623667e
Release Date: 2018-02-15
Fix Resolution: Replace or update the following files: index.js, index.js
Step up your Open Source Security Game with WhiteSource here
WS-2017-0421 (High) detected in ws-1.1.2.tgz
WS-2017-0421 - High Severity Vulnerability
Vulnerable Library - ws-1.1.2.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-1.1.2.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/ws/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
- engine.io-1.8.3.tgz
- โ ws-1.1.2.tgz (Vulnerable Library)
- engine.io-1.8.3.tgz
- socket.io-1.7.3.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.
Publish Date: 2017-11-08
URL: WS-2017-0421
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/550/versions
Release Date: 2019-01-24
Fix Resolution: 3.3.1
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11698 (High) detected in node-sass-v4.12.0
CVE-2018-11698 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-3721 (Medium) detected in lodash-3.10.1.tgz
CVE-2018-3721 - Medium Severity Vulnerability
Vulnerable Library - lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/karma/node_modules/lodash/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- โ lodash-3.10.1.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5
Step up your Open Source Security Game with WhiteSource here
CVE-2018-14040 (Medium) detected in bootstrap-3.3.7.tgz
CVE-2018-14040 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-3.3.7.tgz
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json
Dependency Hierarchy:
- โ bootstrap-3.3.7.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040
Release Date: 2018-07-13
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
CVE-2017-16113 (High) detected in parsejson-0.0.3.tgz
CVE-2017-16113 - High Severity Vulnerability
Vulnerable Library - parsejson-0.0.3.tgz
Method that parses a JSON string and returns a JSON object
Library home page: https://registry.npmjs.org/parsejson/-/parsejson-0.0.3.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/parsejson/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
- socket.io-client-1.7.3.tgz
- engine.io-client-1.8.3.tgz
- โ parsejson-0.0.3.tgz (Vulnerable Library)
- engine.io-client-1.8.3.tgz
- socket.io-client-1.7.3.tgz
- socket.io-1.7.3.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
Publish Date: 2018-06-07
URL: CVE-2017-16113
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-19837 (Medium) detected in node-sass-v4.12.0
CVE-2018-19837 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
Publish Date: 2018-12-04
URL: CVE-2018-19837
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19837
Fix Resolution: 3.5.5
Step up your Open Source Security Game with WhiteSource here
CVE-2018-16492 (High) detected in extend-3.0.1.tgz
CVE-2018-16492 - High Severity Vulnerability
Vulnerable Library - extend-3.0.1.tgz
Port of jQuery.extend for node.js and the browser
Library home page: https://registry.npmjs.org/extend/-/extend-3.0.1.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/extend/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- dom-serialize-2.2.1.tgz
- โ extend-3.0.1.tgz (Vulnerable Library)
- dom-serialize-2.2.1.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16492
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/381185
Release Date: 2019-02-01
Fix Resolution: v3.0.2,v2.0.2
Step up your Open Source Security Game with WhiteSource here
CVE-2018-1002204 (Medium) detected in adm-zip-0.4.7.tgz, adm-zip-0.4.4.tgz
CVE-2018-1002204 - Medium Severity Vulnerability
Vulnerable Libraries - adm-zip-0.4.7.tgz, adm-zip-0.4.4.tgz
adm-zip-0.4.7.tgz
A Javascript implementation of zip for nodejs. Allows user to create or extract zip files both in memory or to/from disk
Library home page: https://registry.npmjs.org/adm-zip/-/adm-zip-0.4.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/adm-zip/package.json
Dependency Hierarchy:
- protractor-5.1.2.tgz (Root Library)
- webdriver-manager-12.0.6.tgz
- โ adm-zip-0.4.7.tgz (Vulnerable Library)
- webdriver-manager-12.0.6.tgz
adm-zip-0.4.4.tgz
A Javascript implementation of zip for nodejs. Allows user to create or extract zip files both in memory or to/from disk
Library home page: https://registry.npmjs.org/adm-zip/-/adm-zip-0.4.4.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/webdriver-js-extender/node_modules/adm-zip/package.json
Dependency Hierarchy:
- protractor-5.1.2.tgz (Root Library)
- webdriver-js-extender-1.0.0.tgz
- selenium-webdriver-2.53.3.tgz
- โ adm-zip-0.4.4.tgz (Vulnerable Library)
- selenium-webdriver-2.53.3.tgz
- webdriver-js-extender-1.0.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
Publish Date: 2018-07-25
URL: CVE-2018-1002204
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1002204
Release Date: 2018-07-25
Fix Resolution: 0.4.9
Step up your Open Source Security Game with WhiteSource here
CVE-2018-3774 (High) detected in url-parse-1.0.5.tgz, url-parse-1.2.0.tgz
CVE-2018-3774 - High Severity Vulnerability
Vulnerable Libraries - url-parse-1.0.5.tgz, url-parse-1.2.0.tgz
url-parse-1.0.5.tgz
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.0.5.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/original/node_modules/url-parse/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
- sockjs-client-1.1.4.tgz
- eventsource-0.1.6.tgz
- original-1.0.0.tgz
- โ url-parse-1.0.5.tgz (Vulnerable Library)
- original-1.0.0.tgz
- eventsource-0.1.6.tgz
- sockjs-client-1.1.4.tgz
- webpack-dev-server-2.11.1.tgz
url-parse-1.2.0.tgz
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.2.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/url-parse/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
- sockjs-client-1.1.4.tgz
- โ url-parse-1.2.0.tgz (Vulnerable Library)
- sockjs-client-1.1.4.tgz
- webpack-dev-server-2.11.1.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
Publish Date: 2018-08-12
URL: CVE-2018-3774
CVSS 3 Score Details (10.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3774
Release Date: 2018-08-12
Fix Resolution: 1.4.3
Step up your Open Source Security Game with WhiteSource here
WS-2017-0247 (Low) detected in ms-0.7.1.tgz, ms-0.7.2.tgz
WS-2017-0247 - Low Severity Vulnerability
Vulnerable Libraries - ms-0.7.1.tgz, ms-0.7.2.tgz
ms-0.7.1.tgz
Tiny ms conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/socket.io-parser/node_modules/ms/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
- socket.io-parser-2.3.1.tgz
- debug-2.2.0.tgz
- โ ms-0.7.1.tgz (Vulnerable Library)
- debug-2.2.0.tgz
- socket.io-parser-2.3.1.tgz
- socket.io-1.7.3.tgz
ms-0.7.2.tgz
Tiny milisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/engine.io-client/node_modules/ms/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
- engine.io-1.8.3.tgz
- debug-2.3.3.tgz
- โ ms-0.7.2.tgz (Vulnerable Library)
- debug-2.3.3.tgz
- engine.io-1.8.3.tgz
- socket.io-1.7.3.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-05-15
URL: WS-2017-0247
Suggested Fix
Type: Change files
Origin: vercel/ms@305f2dd
Release Date: 2017-04-12
Fix Resolution: Replace or update the following file: index.js
Step up your Open Source Security Game with WhiteSource here
CVE-2018-14042 (Medium) detected in bootstrap-3.3.7.tgz
CVE-2018-14042 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-3.3.7.tgz
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json
Dependency Hierarchy:
- โ bootstrap-3.3.7.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: 2018-07-13
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
WS-2018-0076 (Medium) detected in tunnel-agent-0.4.3.tgz
WS-2018-0076 - Medium Severity Vulnerability
Vulnerable Library - tunnel-agent-0.4.3.tgz
HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.
Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/node-sass/node_modules/tunnel-agent/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- node-sass-4.7.2.tgz
- request-2.79.0.tgz
- โ tunnel-agent-0.4.3.tgz (Vulnerable Library)
- request-2.79.0.tgz
- node-sass-4.7.2.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.
This is exploitable if user supplied input is provided to the auth value and is a number.
Publish Date: 2018-04-25
URL: WS-2018-0076
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/598
Release Date: 2018-01-27
Fix Resolution: 0.6.0
Step up your Open Source Security Game with WhiteSource here
CVE-2018-20190 (Medium) detected in node-sass-v4.12.0
CVE-2018-20190 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-3745 (High) detected in atob-2.0.3.tgz
CVE-2018-3745 - High Severity Vulnerability
Vulnerable Library - atob-2.0.3.tgz
atob for Node.JS and Linux / Mac / Windows CLI (it's a one-liner)
Library home page: https://registry.npmjs.org/atob/-/atob-2.0.3.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/atob/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
- chokidar-2.0.2.tgz
- braces-2.3.0.tgz
- snapdragon-0.8.1.tgz
- source-map-resolve-0.5.1.tgz
- โ atob-2.0.3.tgz (Vulnerable Library)
- source-map-resolve-0.5.1.tgz
- snapdragon-0.8.1.tgz
- braces-2.3.0.tgz
- chokidar-2.0.2.tgz
- webpack-dev-server-2.11.1.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.
Publish Date: 2018-05-29
URL: CVE-2018-3745
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Change files
Origin: RetireJS/retire.js@6a71696
Release Date: 2018-05-09
Fix Resolution: Replace or update the following file: npmrepository.json
Step up your Open Source Security Game with WhiteSource here
CVE-2017-16028 (Medium) detected in randomatic-1.1.7.tgz
CVE-2017-16028 - Medium Severity Vulnerability
Vulnerable Library - randomatic-1.1.7.tgz
Generate randomized strings of a specified length, fast. Only the length is necessary, but you can optionally generate patterns using any combination of numeric, alpha-numeric, alphabetical, special or custom characters.
Library home page: https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/randomatic/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
- http-proxy-middleware-0.17.4.tgz
- micromatch-2.3.11.tgz
- braces-1.8.5.tgz
- expand-range-1.8.2.tgz
- fill-range-2.2.3.tgz
- โ randomatic-1.1.7.tgz (Vulnerable Library)
- fill-range-2.2.3.tgz
- expand-range-1.8.2.tgz
- braces-1.8.5.tgz
- micromatch-2.3.11.tgz
- http-proxy-middleware-0.17.4.tgz
- webpack-dev-server-2.11.1.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
Publish Date: 2018-06-04
URL: CVE-2017-16028
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/157
Release Date: 2017-04-14
Fix Resolution: Update to version 3.0.0 or later.
Step up your Open Source Security Game with WhiteSource here
WS-2019-0100 (Medium) detected in fstream-1.0.11.tgz
WS-2019-0100 - Medium Severity Vulnerability
Vulnerable Library - fstream-1.0.11.tgz
Advanced file system stream things
Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/fstream/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- tar-2.2.1.tgz
- โ fstream-1.0.11.tgz (Vulnerable Library)
- tar-2.2.1.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.
Publish Date: 2019-05-23
URL: WS-2019-0100
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/886
Release Date: 2019-05-23
Fix Resolution: 1.0.12
Step up your Open Source Security Game with WhiteSource here
CVE-2018-1000620 (High) detected in cryptiles-2.0.5.tgz
CVE-2018-1000620 - High Severity Vulnerability
Vulnerable Library - cryptiles-2.0.5.tgz
General purpose crypto utilities
Library home page: https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/cryptiles/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- hawk-3.1.3.tgz
- โ cryptiles-2.0.5.tgz (Vulnerable Library)
- hawk-3.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
Publish Date: 2018-07-09
URL: CVE-2018-1000620
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1000620
Release Date: 2019-04-08
Fix Resolution: 4.1.2
Step up your Open Source Security Game with WhiteSource here
CVE-2019-8331 (Medium) detected in bootstrap-3.3.7.tgz
CVE-2019-8331 - Medium Severity Vulnerability
Vulnerable Library - bootstrap-3.3.7.tgz
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json
Dependency Hierarchy:
- โ bootstrap-3.3.7.tgz (Vulnerable Library)
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#28236
Release Date: 2019-02-20
Fix Resolution: 3.4.1, 4.3.1
Step up your Open Source Security Game with WhiteSource here
CVE-2018-19797 (Medium) detected in node-sass-v4.12.0
CVE-2018-19797 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2019-6283 (Medium) detected in node-sass-v4.12.0
CVE-2019-6283 - Medium Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
WS-2018-0084 (High) detected in sshpk-1.13.0.tgz, sshpk-1.13.1.tgz
WS-2018-0084 - High Severity Vulnerability
Vulnerable Libraries - sshpk-1.13.0.tgz, sshpk-1.13.1.tgz
sshpk-1.13.0.tgz
A library for finding and using SSH public keys
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.13.0.tgz
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- request-2.81.0.tgz
- http-signature-1.1.1.tgz
- โ sshpk-1.13.0.tgz (Vulnerable Library)
- http-signature-1.1.1.tgz
- request-2.81.0.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
sshpk-1.13.1.tgz
A library for finding and using SSH public keys
Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/sshpk/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- less-2.7.3.tgz
- request-2.81.0.tgz
- http-signature-1.1.1.tgz
- โ sshpk-1.13.1.tgz (Vulnerable Library)
- http-signature-1.1.1.tgz
- request-2.81.0.tgz
- less-2.7.3.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.
Publish Date: 2018-04-25
URL: WS-2018-0084
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/606
Release Date: 2018-01-27
Fix Resolution: 1.14.1
Step up your Open Source Security Game with WhiteSource here
WS-2019-0063 (High) detected in js-yaml-3.7.0.tgz
WS-2019-0063 - High Severity Vulnerability
Vulnerable Library - js-yaml-3.7.0.tgz
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/js-yaml/package.json
Dependency Hierarchy:
- karma-coverage-istanbul-reporter-1.4.1.tgz (Root Library)
- istanbul-api-1.2.2.tgz
- โ js-yaml-3.7.0.tgz (Vulnerable Library)
- istanbul-api-1.2.2.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-30
URL: WS-2019-0063
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-30
Fix Resolution: 3.13.1
Step up your Open Source Security Game with WhiteSource here
CVE-2017-16137 (Medium) detected in multiple libraries
CVE-2017-16137 - Medium Severity Vulnerability
Vulnerable Libraries - debug-2.6.8.tgz, debug-2.3.3.tgz, debug-2.2.0.tgz
debug-2.6.8.tgz
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.6.8.tgz
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- tar-pack-3.4.0.tgz
- โ debug-2.6.8.tgz (Vulnerable Library)
- tar-pack-3.4.0.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
debug-2.3.3.tgz
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.3.3.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/engine.io-client/node_modules/debug/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
- engine.io-1.8.3.tgz
- โ debug-2.3.3.tgz (Vulnerable Library)
- engine.io-1.8.3.tgz
- socket.io-1.7.3.tgz
debug-2.2.0.tgz
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/socket.io-parser/node_modules/debug/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
- socket.io-parser-2.3.1.tgz
- โ debug-2.2.0.tgz (Vulnerable Library)
- socket.io-parser-2.3.1.tgz
- socket.io-1.7.3.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
Publish Date: 2018-06-07
URL: CVE-2017-16137
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
Suggested Fix
Type: Change files
Origin: debug-js/debug@42a6ae0
Release Date: 2017-09-21
Fix Resolution: Replace or update the following file: node.js
Step up your Open Source Security Game with WhiteSource here
WS-2019-0019 (Medium) detected in multiple libraries
WS-2019-0019 - Medium Severity Vulnerability
Vulnerable Libraries - braces-1.8.5.tgz, braces-0.1.5.tgz, braces-2.3.0.tgz
braces-1.8.5.tgz
Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.
Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/braces/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
- http-proxy-middleware-0.17.4.tgz
- micromatch-2.3.11.tgz
- โ braces-1.8.5.tgz (Vulnerable Library)
- micromatch-2.3.11.tgz
- http-proxy-middleware-0.17.4.tgz
- webpack-dev-server-2.11.1.tgz
braces-0.1.5.tgz
Fastest brace expansion lib. Typically used with file paths, but can be used with any string. Expands comma-separated values (e.g. `foo/{a,b,c}/bar`) and alphabetical or numerical ranges (e.g. `{1..9}`)
Library home page: https://registry.npmjs.org/braces/-/braces-0.1.5.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/expand-braces/node_modules/braces/package.json
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- expand-braces-0.1.2.tgz
- โ braces-0.1.5.tgz (Vulnerable Library)
- expand-braces-0.1.2.tgz
braces-2.3.0.tgz
Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.
Library home page: https://registry.npmjs.org/braces/-/braces-2.3.0.tgz
Path to dependency file: /followers-app/package.json
Path to vulnerable library: /tmp/git/followers-app/node_modules/webpack-dev-server/node_modules/braces/package.json
Dependency Hierarchy:
- cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
- chokidar-2.0.2.tgz
- โ braces-2.3.0.tgz (Vulnerable Library)
- chokidar-2.0.2.tgz
- webpack-dev-server-2.11.1.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Publish Date: 2019-03-25
URL: WS-2019-0019
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/786
Release Date: 2019-02-21
Fix Resolution: 2.3.1
Step up your Open Source Security Game with WhiteSource here
CVE-2018-19827 (High) detected in node-sass-v4.12.0
CVE-2018-19827 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz
CVE-2018-3750 - High Severity Vulnerability
Vulnerable Library - deep-extend-0.4.2.tgz
Recursive object extending
Library home page: https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz
Dependency Hierarchy:
- karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
- fsevents-1.1.3.tgz
- node-pre-gyp-0.6.39.tgz
- rc-1.2.1.tgz
- โ deep-extend-0.4.2.tgz (Vulnerable Library)
- rc-1.2.1.tgz
- node-pre-gyp-0.6.39.tgz
- fsevents-1.1.3.tgz
- chokidar-1.7.0.tgz
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Vulnerability Details
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Publish Date: 2018-07-03
URL: CVE-2018-3750
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Change files
Origin: RetireJS/retire.js@6a71696
Release Date: 2018-05-09
Fix Resolution: Replace or update the following file: npmrepository.json
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11693 (High) detected in node-sass-v4.12.0
CVE-2018-11693 - High Severity Vulnerability
Vulnerable Library - node-sassv4.12.0
๐ Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632
Library Source Files (121)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/output.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
- /followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cencode.c
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.cpp
- /followers-app/node_modules/node-sass/src/callback_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
- /followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
- /followers-app/node_modules/node-sass/src/sass_types/list.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/json.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
- /followers-app/node_modules/node-sass/src/sass_types/string.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.h
- /followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
- /followers-app/node_modules/node-sass/src/sass_types/factory.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
- /followers-app/node_modules/node-sass/src/sass_types/color.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
- /followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.hpp
- /followers-app/node_modules/node-sass/src/sass_types/value.h
- /followers-app/node_modules/node-sass/src/libsass/src/units.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/position.hpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/node.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
- /followers-app/node_modules/node-sass/src/binding.cpp
- /followers-app/node_modules/node-sass/src/sass_types/list.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
- /followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
- /followers-app/node_modules/node-sass/src/custom_importer_bridge.h
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
- /followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/values.cpp
- /followers-app/node_modules/node-sass/src/sass_context_wrapper.h
- /followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
- /followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
- /followers-app/node_modules/node-sass/src/sass_types/number.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/c99func.c
- /followers-app/node_modules/node-sass/src/libsass/src/node.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
- /followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
- /followers-app/node_modules/node-sass/src/sass_types/null.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/context.cpp
- /followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
- /followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
- /followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/util.hpp
- /followers-app/node_modules/node-sass/src/sass_types/map.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/file.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/units.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
- /followers-app/node_modules/node-sass/src/sass_types/color.h
- /followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
- /followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
- /followers-app/node_modules/node-sass/src/libsass/src/parser.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11693
CVSS 3 Score Details (8.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High
Step up your Open Source Security Game with WhiteSource here
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.