ilkeraltin / followers-app Goto Github PK

View Code? Open in Web Editor NEW

1.0 1.0 0.0 864 KB

TypeScript 73.22% JavaScript 11.14% HTML 14.50% CSS 1.14%

followers-app's People

Contributors

Stargazers

Watchers

followers-app's Issues

CVE-2018-19826 (Medium) detected in node-sass-v4.12.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0017 (Medium) detected in clean-css-4.1.9.tgz

WS-2019-0017 - Medium Severity Vulnerability

Vulnerable Library - clean-css-4.1.9.tgz

A well-tested CSS minifier

Library home page: https://registry.npmjs.org/clean-css/-/clean-css-4.1.9.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/clean-css/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- html-webpack-plugin-2.30.1.tgz
  - html-minifier-3.5.9.tgz
    - ❌ clean-css-4.1.9.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Version of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-02-21

URL: WS-2019-0017

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/785

Release Date: 2019-02-21

Fix Resolution: v4.1.11

Step up your Open Source Security Game with WhiteSource here

WS-2019-0064 (High) detected in handlebars-4.0.11.tgz

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-4.0.11.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.11.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/handlebars/package.json

Dependency Hierarchy:

karma-coverage-istanbul-reporter-1.4.1.tgz (Root Library)
- istanbul-api-1.2.2.tgz
  - istanbul-reports-1.1.4.tgz
    - ❌ handlebars-4.0.11.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-04-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 (Medium) detected in node-sass-v4.12.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2018-0021 (Medium) detected in bootstrap-3.3.7.tgz

WS-2018-0021 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-3.3.7.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

XSS in data-target in bootstrap (3.3.7 and before)

Publish Date: 2017-06-27

URL: WS-2018-0021

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: twbs/bootstrap@d9be1da

Release Date: 2017-08-25

Fix Resolution: Replace or update the following files: alert.js, carousel.js, collapse.js, dropdown.js, modal.js

Step up your Open Source Security Game with WhiteSource here

CVE-2018-16487 (High) detected in lodash-4.17.5.tgz, lodash-3.10.1.tgz

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Libraries - lodash-4.17.5.tgz, lodash-3.10.1.tgz

lodash-4.17.5.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/lodash/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- ❌ lodash-4.17.5.tgz (Vulnerable Library)

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/karma/node_modules/lodash/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3739 (High) detected in https-proxy-agent-1.0.0.tgz

CVE-2018-3739 - High Severity Vulnerability

Vulnerable Library - https-proxy-agent-1.0.0.tgz

An HTTP(s) proxy `http.Agent` implementation for HTTPS

Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/https-proxy-agent/package.json

Dependency Hierarchy:

protractor-5.1.2.tgz (Root Library)
- saucelabs-1.3.0.tgz
  - ❌ https-proxy-agent-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

Publish Date: 2018-06-07

URL: CVE-2018-3739

CVSS 3 Score Details (9.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3739

Release Date: 2018-06-07

Fix Resolution: 2.1.1

Step up your Open Source Security Game with WhiteSource here

CVE-2017-15010 (High) detected in tough-cookie-2.3.2.tgz

CVE-2017-15010 - High Severity Vulnerability

Vulnerable Library - tough-cookie-2.3.2.tgz

RFC6265 Cookies and Cookie Jar for node.js

Library home page: https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.2.tgz

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - request-2.81.0.tgz
        
        ❌ tough-cookie-2.3.2.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.

Publish Date: 2017-10-04

URL: CVE-2017-15010

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-15010

Release Date: 2017-10-04

Fix Resolution: 2.3.3

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11696 (High) detected in node-sass-v4.12.0

CVE-2018-11696 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11696

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19838 (Medium) detected in node-sass-v4.12.0

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 (Medium) detected in openalpr-v2.3.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - openalprv2.3.0

Automatic License Plate Recognition library

Library home page: https://github.com/openalpr/openalpr.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (3)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/utf8/core.h
/followers-app/node_modules/node-sass/src/libsass/src/utf8/checked.h
/followers-app/node_modules/node-sass/src/libsass/src/utf8/unchecked.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11695 (High) detected in node-sass-v4.12.0

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2018-0103 (Medium) detected in stringstream-0.0.5.tgz

WS-2018-0103 - Medium Severity Vulnerability

Vulnerable Library - stringstream-0.0.5.tgz

Encode and decode streams into string streams

Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/stringstream/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - request-2.81.0.tgz
        
        ❌ stringstream-0.0.5.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.

Publish Date: 2018-05-16

URL: WS-2018-0103

CVSS 2 Score Details (5.2)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

CVE-2018-13797 (High) detected in macaddress-0.2.8.tgz

CVE-2018-13797 - High Severity Vulnerability

Vulnerable Library - macaddress-0.2.8.tgz

Get the MAC addresses (hardware addresses) of the hosts network interfaces.

Library home page: https://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/macaddress/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- cssnano-3.10.0.tgz
  - postcss-filter-plugins-2.0.2.tgz
    - uniqid-4.1.1.tgz
      - ❌ macaddress-0.2.8.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

Publish Date: 2018-07-10

URL: CVE-2018-13797

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-13797

Release Date: 2018-07-10

Fix Resolution: 0.2.9

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 (High) detected in node-sass-v4.12.0

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2018-0072 (High) detected in https-proxy-agent-1.0.0.tgz

WS-2018-0072 - High Severity Vulnerability

Vulnerable Library - https-proxy-agent-1.0.0.tgz

An HTTP(s) proxy `http.Agent` implementation for HTTPS

Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/https-proxy-agent/package.json

Dependency Hierarchy:

protractor-5.1.2.tgz (Root Library)
- saucelabs-1.3.0.tgz
  - ❌ https-proxy-agent-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().

Publish Date: 2018-04-25

URL: WS-2018-0072

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/593

Release Date: 2018-01-27

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14041 (Medium) detected in bootstrap-3.3.7.tgz

CVE-2018-14041 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-3.3.7.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

Publish Date: 2018-07-13

URL: CVE-2018-14041

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: twbs/bootstrap@3229efc

Release Date: 2018-05-30

Fix Resolution: Replace or update the following file: scrollspy.js

Step up your Open Source Security Game with WhiteSource here

WS-2018-0113 (High) detected in macaddress-0.2.8.tgz

WS-2018-0113 - High Severity Vulnerability

Vulnerable Library - macaddress-0.2.8.tgz

Get the MAC addresses (hardware addresses) of the hosts network interfaces.

Library home page: https://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/macaddress/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- cssnano-3.10.0.tgz
  - postcss-filter-plugins-2.0.2.tgz
    - uniqid-4.1.1.tgz
      - ❌ macaddress-0.2.8.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.

Publish Date: 2018-05-16

URL: WS-2018-0113

CVSS 2 Score Details (10.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/654

Release Date: 2018-05-16

Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is provided.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0032 (Medium) detected in js-yaml-3.7.0.tgz

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.7.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/js-yaml/package.json

Dependency Hierarchy:

karma-coverage-istanbul-reporter-1.4.1.tgz (Root Library)
- istanbul-api-1.2.2.tgz
  - ❌ js-yaml-3.7.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0047 (Medium) detected in tar-2.2.1.tgz

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-2.2.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/tar/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - ❌ tar-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 (High) detected in node-sass-v4.12.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in node-sass-v4.12.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3728 (High) detected in hoek-2.16.3.tgz

CVE-2018-3728 - High Severity Vulnerability

Vulnerable Library - hoek-2.16.3.tgz

General purpose node utilities

Library home page: https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/hoek/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - hawk-3.1.3.tgz
        
        sntp-1.0.9.tgz
        
        ❌ hoek-2.16.3.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-03-30

URL: CVE-2018-3728

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: hapijs/hoek@623667e

Release Date: 2018-02-15

Fix Resolution: Replace or update the following files: index.js, index.js

Step up your Open Source Security Game with WhiteSource here

WS-2017-0421 (High) detected in ws-1.1.2.tgz

WS-2017-0421 - High Severity Vulnerability

Vulnerable Library - ws-1.1.2.tgz

simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.2.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/ws/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - engine.io-1.8.3.tgz
    - ❌ ws-1.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/550/versions

Release Date: 2019-01-24

Fix Resolution: 3.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 (High) detected in node-sass-v4.12.0

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3721 (Medium) detected in lodash-3.10.1.tgz

CVE-2018-3721 - Medium Severity Vulnerability

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/karma/node_modules/lodash/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Release Date: 2018-06-07

Fix Resolution: 4.17.5

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14040 (Medium) detected in bootstrap-3.3.7.tgz

CVE-2018-14040 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-3.3.7.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Release Date: 2018-07-13

Fix Resolution: 4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16113 (High) detected in parsejson-0.0.3.tgz

CVE-2017-16113 - High Severity Vulnerability

Vulnerable Library - parsejson-0.0.3.tgz

Method that parses a JSON string and returns a JSON object

Library home page: https://registry.npmjs.org/parsejson/-/parsejson-0.0.3.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/parsejson/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - socket.io-client-1.7.3.tgz
    - engine.io-client-1.8.3.tgz
      - ❌ parsejson-0.0.3.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

Publish Date: 2018-06-07

URL: CVE-2017-16113

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19837 (Medium) detected in node-sass-v4.12.0

CVE-2018-19837 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.

Publish Date: 2018-12-04

URL: CVE-2018-19837

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19837

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2018-16492 (High) detected in extend-3.0.1.tgz

CVE-2018-16492 - High Severity Vulnerability

Vulnerable Library - extend-3.0.1.tgz

Port of jQuery.extend for node.js and the browser

Library home page: https://registry.npmjs.org/extend/-/extend-3.0.1.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/extend/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- dom-serialize-2.2.1.tgz
  - ❌ extend-3.0.1.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16492

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/381185

Release Date: 2019-02-01

Fix Resolution: v3.0.2,v2.0.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1002204 (Medium) detected in adm-zip-0.4.7.tgz, adm-zip-0.4.4.tgz

CVE-2018-1002204 - Medium Severity Vulnerability

Vulnerable Libraries - adm-zip-0.4.7.tgz, adm-zip-0.4.4.tgz

adm-zip-0.4.7.tgz

A Javascript implementation of zip for nodejs. Allows user to create or extract zip files both in memory or to/from disk

Library home page: https://registry.npmjs.org/adm-zip/-/adm-zip-0.4.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/adm-zip/package.json

Dependency Hierarchy:

protractor-5.1.2.tgz (Root Library)
- webdriver-manager-12.0.6.tgz
  - ❌ adm-zip-0.4.7.tgz (Vulnerable Library)

adm-zip-0.4.4.tgz

A Javascript implementation of zip for nodejs. Allows user to create or extract zip files both in memory or to/from disk

Library home page: https://registry.npmjs.org/adm-zip/-/adm-zip-0.4.4.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/webdriver-js-extender/node_modules/adm-zip/package.json

Dependency Hierarchy:

protractor-5.1.2.tgz (Root Library)
- webdriver-js-extender-1.0.0.tgz
  - selenium-webdriver-2.53.3.tgz
    - ❌ adm-zip-0.4.4.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Publish Date: 2018-07-25

URL: CVE-2018-1002204

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1002204

Release Date: 2018-07-25

Fix Resolution: 0.4.9

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3774 (High) detected in url-parse-1.0.5.tgz, url-parse-1.2.0.tgz

CVE-2018-3774 - High Severity Vulnerability

Vulnerable Libraries - url-parse-1.0.5.tgz, url-parse-1.2.0.tgz

url-parse-1.0.5.tgz

Small footprint URL parser that works seamlessly across Node.js and browser environments

Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.0.5.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/original/node_modules/url-parse/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
  - sockjs-client-1.1.4.tgz
    - eventsource-0.1.6.tgz
      - original-1.0.0.tgz
        
        ❌ url-parse-1.0.5.tgz (Vulnerable Library)

url-parse-1.2.0.tgz

Small footprint URL parser that works seamlessly across Node.js and browser environments

Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.2.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/url-parse/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
  - sockjs-client-1.1.4.tgz
    - ❌ url-parse-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Publish Date: 2018-08-12

URL: CVE-2018-3774

CVSS 3 Score Details (10.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3774

Release Date: 2018-08-12

Fix Resolution: 1.4.3

Step up your Open Source Security Game with WhiteSource here

WS-2017-0247 (Low) detected in ms-0.7.1.tgz, ms-0.7.2.tgz

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Libraries - ms-0.7.1.tgz, ms-0.7.2.tgz

ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/socket.io-parser/node_modules/ms/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - socket.io-parser-2.3.1.tgz
    - debug-2.2.0.tgz
      - ❌ ms-0.7.1.tgz (Vulnerable Library)

ms-0.7.2.tgz

Tiny milisecond conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/engine.io-client/node_modules/ms/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - engine.io-1.8.3.tgz
    - debug-2.3.3.tgz
      - ❌ ms-0.7.2.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-05-15

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: vercel/ms@305f2dd

Release Date: 2017-04-12

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14042 (Medium) detected in bootstrap-3.3.7.tgz

CVE-2018-14042 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-3.3.7.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: 4.1.2

Step up your Open Source Security Game with WhiteSource here

WS-2018-0076 (Medium) detected in tunnel-agent-0.4.3.tgz

WS-2018-0076 - Medium Severity Vulnerability

Vulnerable Library - tunnel-agent-0.4.3.tgz

HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.

Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/node-sass/node_modules/tunnel-agent/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- node-sass-4.7.2.tgz
  - request-2.79.0.tgz
    - ❌ tunnel-agent-0.4.3.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure.

This is exploitable if user supplied input is provided to the auth value and is a number.

Publish Date: 2018-04-25

URL: WS-2018-0076

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/598

Release Date: 2018-01-27

Fix Resolution: 0.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 (Medium) detected in node-sass-v4.12.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3745 (High) detected in atob-2.0.3.tgz

CVE-2018-3745 - High Severity Vulnerability

Vulnerable Library - atob-2.0.3.tgz

atob for Node.JS and Linux / Mac / Windows CLI (it's a one-liner)

Library home page: https://registry.npmjs.org/atob/-/atob-2.0.3.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/atob/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
  - chokidar-2.0.2.tgz
    - braces-2.3.0.tgz
      - snapdragon-0.8.1.tgz
        
        source-map-resolve-0.5.1.tgz
        
        ❌ atob-2.0.3.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.

Publish Date: 2018-05-29

URL: CVE-2018-3745

CVSS 3 Score Details (9.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: RetireJS/retire.js@6a71696

Release Date: 2018-05-09

Fix Resolution: Replace or update the following file: npmrepository.json

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16028 (Medium) detected in randomatic-1.1.7.tgz

CVE-2017-16028 - Medium Severity Vulnerability

Vulnerable Library - randomatic-1.1.7.tgz

Generate randomized strings of a specified length, fast. Only the length is necessary, but you can optionally generate patterns using any combination of numeric, alpha-numeric, alphabetical, special or custom characters.

Library home page: https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/randomatic/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
  - http-proxy-middleware-0.17.4.tgz
    - micromatch-2.3.11.tgz
      - braces-1.8.5.tgz
        
        expand-range-1.8.2.tgz
        
        fill-range-2.2.3.tgz
        
        ❌ randomatic-1.1.7.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

Publish Date: 2018-06-04

URL: CVE-2017-16028

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/157

Release Date: 2017-04-14

Fix Resolution: Update to version 3.0.0 or later.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0100 (Medium) detected in fstream-1.0.11.tgz

WS-2019-0100 - Medium Severity Vulnerability

Vulnerable Library - fstream-1.0.11.tgz

Advanced file system stream things

Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/fstream/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - tar-2.2.1.tgz
        
        ❌ fstream-1.0.11.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

Publish Date: 2019-05-23

URL: WS-2019-0100

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/886

Release Date: 2019-05-23

Fix Resolution: 1.0.12

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1000620 (High) detected in cryptiles-2.0.5.tgz

CVE-2018-1000620 - High Severity Vulnerability

Vulnerable Library - cryptiles-2.0.5.tgz

General purpose crypto utilities

Library home page: https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/cryptiles/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - hawk-3.1.3.tgz
        
        ❌ cryptiles-2.0.5.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Publish Date: 2018-07-09

URL: CVE-2018-1000620

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1000620

Release Date: 2019-04-08

Fix Resolution: 4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-8331 (Medium) detected in bootstrap-3.3.7.tgz

CVE-2019-8331 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.7.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-3.3.7.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /followers-app/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-3.3.7.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#28236

Release Date: 2019-02-20

Fix Resolution: 3.4.1, 4.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in node-sass-v4.12.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 (Medium) detected in node-sass-v4.12.0

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2018-0084 (High) detected in sshpk-1.13.0.tgz, sshpk-1.13.1.tgz

WS-2018-0084 - High Severity Vulnerability

Vulnerable Libraries - sshpk-1.13.0.tgz, sshpk-1.13.1.tgz

sshpk-1.13.0.tgz

A library for finding and using SSH public keys

Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.13.0.tgz

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - request-2.81.0.tgz
        
        http-signature-1.1.1.tgz
        
        ❌ sshpk-1.13.0.tgz (Vulnerable Library)

sshpk-1.13.1.tgz

A library for finding and using SSH public keys

Library home page: https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/sshpk/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- less-2.7.3.tgz
  - request-2.81.0.tgz
    - http-signature-1.1.1.tgz
      - ❌ sshpk-1.13.1.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Versions of sshpk before 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.

Publish Date: 2018-04-25

URL: WS-2018-0084

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/606

Release Date: 2018-01-27

Fix Resolution: 1.14.1

Step up your Open Source Security Game with WhiteSource here

WS-2019-0063 (High) detected in js-yaml-3.7.0.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.7.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/js-yaml/package.json

Dependency Hierarchy:

karma-coverage-istanbul-reporter-1.4.1.tgz (Root Library)
- istanbul-api-1.2.2.tgz
  - ❌ js-yaml-3.7.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16137 (Medium) detected in multiple libraries

CVE-2017-16137 - Medium Severity Vulnerability

Vulnerable Libraries - debug-2.6.8.tgz, debug-2.3.3.tgz, debug-2.2.0.tgz

debug-2.6.8.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.6.8.tgz

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - tar-pack-3.4.0.tgz
        
        ❌ debug-2.6.8.tgz (Vulnerable Library)

debug-2.3.3.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.3.3.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/engine.io-client/node_modules/debug/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - engine.io-1.8.3.tgz
    - ❌ debug-2.3.3.tgz (Vulnerable Library)

debug-2.2.0.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/socket.io-parser/node_modules/debug/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - socket.io-parser-2.3.1.tgz
    - ❌ debug-2.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Publish Date: 2018-06-07

URL: CVE-2017-16137

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: debug-js/debug@42a6ae0

Release Date: 2017-09-21

Fix Resolution: Replace or update the following file: node.js

Step up your Open Source Security Game with WhiteSource here

WS-2019-0019 (Medium) detected in multiple libraries

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Libraries - braces-1.8.5.tgz, braces-0.1.5.tgz, braces-2.3.0.tgz

braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/braces/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
  - http-proxy-middleware-0.17.4.tgz
    - micromatch-2.3.11.tgz
      - ❌ braces-1.8.5.tgz (Vulnerable Library)

braces-0.1.5.tgz

Fastest brace expansion lib. Typically used with file paths, but can be used with any string. Expands comma-separated values (e.g. `foo/{a,b,c}/bar`) and alphabetical or numerical ranges (e.g. `{1..9}`)

Library home page: https://registry.npmjs.org/braces/-/braces-0.1.5.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/expand-braces/node_modules/braces/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- expand-braces-0.1.2.tgz
  - ❌ braces-0.1.5.tgz (Vulnerable Library)

braces-2.3.0.tgz

Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.

Library home page: https://registry.npmjs.org/braces/-/braces-2.3.0.tgz

Path to dependency file: /followers-app/package.json

Path to vulnerable library: /tmp/git/followers-app/node_modules/webpack-dev-server/node_modules/braces/package.json

Dependency Hierarchy:

cli-1.6.6.tgz (Root Library)
- webpack-dev-server-2.11.1.tgz
  - chokidar-2.0.2.tgz
    - ❌ braces-2.3.0.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 (High) detected in node-sass-v4.12.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz

CVE-2018-3750 - High Severity Vulnerability

Vulnerable Library - deep-extend-0.4.2.tgz

Recursive object extending

Library home page: https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.1.3.tgz
    - node-pre-gyp-0.6.39.tgz
      - rc-1.2.1.tgz
        
        ❌ deep-extend-0.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Vulnerability Details

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Publish Date: 2018-07-03

URL: CVE-2018-3750

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: RetireJS/retire.js@6a71696

Release Date: 2018-05-09

Fix Resolution: Replace or update the following file: npmrepository.json

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11693 (High) detected in node-sass-v4.12.0

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 612167f00a75c15d918d67d9e8c2c9ada07b0632

Library Source Files (121)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/followers-app/node_modules/node-sass/src/libsass/src/error_handling.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.cpp
/followers-app/node_modules/node-sass/src/libsass/src/output.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.hpp
/followers-app/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/followers-app/node_modules/node-sass/src/libsass/src/bind.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/base.h
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.cpp
/followers-app/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.hpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cencode.c
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/followers-app/node_modules/node-sass/src/libsass/src/file.cpp
/followers-app/node_modules/node-sass/src/callback_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass2scss.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/emitter.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/followers-app/node_modules/node-sass/src/libsass/src/paths.hpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.cpp
/followers-app/node_modules/node-sass/src/libsass/test/test_unification.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.cpp
/followers-app/node_modules/node-sass/src/libsass/src/source_map.hpp
/followers-app/node_modules/node-sass/src/sass_types/list.h
/followers-app/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/json.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_util.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.cpp
/followers-app/node_modules/node-sass/src/libsass/src/listize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/error_handling.hpp
/followers-app/node_modules/node-sass/src/sass_types/string.cpp
/followers-app/node_modules/node-sass/src/libsass/src/eval.cpp
/followers-app/node_modules/node-sass/src/libsass/src/environment.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.h
/followers-app/node_modules/node-sass/src/libsass/src/emitter.hpp
/followers-app/node_modules/node-sass/src/libsass/src/extend.hpp
/followers-app/node_modules/node-sass/src/libsass/src/lexer.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debugger.hpp
/followers-app/node_modules/node-sass/src/sass_types/factory.cpp
/followers-app/node_modules/node-sass/src/libsass/src/prelexer.cpp
/followers-app/node_modules/node-sass/src/sass_types/color.cpp
/followers-app/node_modules/node-sass/src/libsass/src/operation.hpp
/followers-app/node_modules/node-sass/src/libsass/src/ast.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass.hpp
/followers-app/node_modules/node-sass/src/libsass/src/constants.hpp
/followers-app/node_modules/node-sass/src/sass_types/boolean.cpp
/followers-app/node_modules/node-sass/src/libsass/src/context.hpp
/followers-app/node_modules/node-sass/src/sass_types/value.h
/followers-app/node_modules/node-sass/src/libsass/src/units.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.cpp
/followers-app/node_modules/node-sass/src/libsass/src/functions.hpp
/followers-app/node_modules/node-sass/src/libsass/src/position.hpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.hpp
/followers-app/node_modules/node-sass/src/libsass/src/node.cpp
/followers-app/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/followers-app/node_modules/node-sass/src/libsass/src/cssize.cpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/followers-app/node_modules/node-sass/src/binding.cpp
/followers-app/node_modules/node-sass/src/sass_types/list.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/functions.h
/followers-app/node_modules/node-sass/src/custom_function_bridge.cpp
/followers-app/node_modules/node-sass/src/custom_importer_bridge.h
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.cpp
/followers-app/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/followers-app/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/ast.hpp
/followers-app/node_modules/node-sass/src/libsass/src/values.cpp
/followers-app/node_modules/node-sass/src/sass_context_wrapper.h
/followers-app/node_modules/node-sass/src/libsass/src/b64/encode.h
/followers-app/node_modules/node-sass/src/libsass/src/sass.cpp
/followers-app/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/followers-app/node_modules/node-sass/src/sass_types/number.cpp
/followers-app/node_modules/node-sass/src/libsass/src/c99func.c
/followers-app/node_modules/node-sass/src/libsass/src/node.hpp
/followers-app/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/followers-app/node_modules/node-sass/src/libsass/src/backtrace.hpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/values.h
/followers-app/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_context.cpp
/followers-app/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/followers-app/node_modules/node-sass/src/sass_types/null.cpp
/followers-app/node_modules/node-sass/src/libsass/src/expand.hpp
/followers-app/node_modules/node-sass/src/libsass/src/to_value.hpp
/followers-app/node_modules/node-sass/src/libsass/src/context.cpp
/followers-app/node_modules/node-sass/src/libsass/include/sass/context.h
/followers-app/node_modules/node-sass/src/libsass/src/to_c.cpp
/followers-app/node_modules/node-sass/src/libsass/src/sass_values.cpp
/followers-app/node_modules/node-sass/src/libsass/src/color_maps.hpp
/followers-app/node_modules/node-sass/src/libsass/src/inspect.hpp
/followers-app/node_modules/node-sass/src/libsass/script/test-leaks.pl
/followers-app/node_modules/node-sass/src/libsass/src/to_c.hpp
/followers-app/node_modules/node-sass/src/libsass/src/util.hpp
/followers-app/node_modules/node-sass/src/sass_types/map.cpp
/followers-app/node_modules/node-sass/src/libsass/src/file.hpp
/followers-app/node_modules/node-sass/src/libsass/src/units.hpp
/followers-app/node_modules/node-sass/src/libsass/src/plugins.hpp
/followers-app/node_modules/node-sass/src/sass_types/color.h
/followers-app/node_modules/node-sass/src/libsass/src/to_value.cpp
/followers-app/node_modules/node-sass/src/libsass/src/debug.hpp
/followers-app/node_modules/node-sass/src/libsass/src/parser.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

ilkeraltin / followers-app Goto Github PK

followers-app's People

Contributors

Stargazers

Watchers

followers-app's Issues

CVE-2018-19826 - Medium Severity Vulnerability

WS-2019-0017 - Medium Severity Vulnerability

WS-2019-0064 - High Severity Vulnerability

CVE-2018-20821 - Medium Severity Vulnerability

WS-2018-0021 - Medium Severity Vulnerability

CVE-2018-16487 - High Severity Vulnerability

CVE-2018-3739 - High Severity Vulnerability

CVE-2017-15010 - High Severity Vulnerability

CVE-2018-11696 - High Severity Vulnerability

CVE-2018-19838 - Medium Severity Vulnerability

CVE-2018-19839 - Medium Severity Vulnerability

CVE-2018-11695 - High Severity Vulnerability

WS-2018-0103 - Medium Severity Vulnerability

CVE-2018-13797 - High Severity Vulnerability

CVE-2018-11694 - High Severity Vulnerability

WS-2018-0072 - High Severity Vulnerability

CVE-2018-14041 - Medium Severity Vulnerability

WS-2018-0113 - High Severity Vulnerability

WS-2019-0032 - Medium Severity Vulnerability

WS-2019-0047 - Medium Severity Vulnerability

CVE-2018-11697 - High Severity Vulnerability

CVE-2018-11499 - High Severity Vulnerability

CVE-2018-3728 - High Severity Vulnerability

WS-2017-0421 - High Severity Vulnerability

CVE-2018-11698 - High Severity Vulnerability

CVE-2018-3721 - Medium Severity Vulnerability

CVE-2018-14040 - Medium Severity Vulnerability

CVE-2017-16113 - High Severity Vulnerability

CVE-2018-19837 - Medium Severity Vulnerability

CVE-2018-16492 - High Severity Vulnerability

CVE-2018-1002204 - Medium Severity Vulnerability

CVE-2018-3774 - High Severity Vulnerability

WS-2017-0247 - Low Severity Vulnerability

CVE-2018-14042 - Medium Severity Vulnerability

WS-2018-0076 - Medium Severity Vulnerability

CVE-2018-20190 - Medium Severity Vulnerability

CVE-2018-3745 - High Severity Vulnerability

CVE-2017-16028 - Medium Severity Vulnerability

WS-2019-0100 - Medium Severity Vulnerability

CVE-2018-1000620 - High Severity Vulnerability

CVE-2019-8331 - Medium Severity Vulnerability

CVE-2018-19797 - Medium Severity Vulnerability

CVE-2019-6283 - Medium Severity Vulnerability

WS-2018-0084 - High Severity Vulnerability

WS-2019-0063 - High Severity Vulnerability

CVE-2017-16137 - Medium Severity Vulnerability

WS-2019-0019 - Medium Severity Vulnerability

CVE-2018-19827 - High Severity Vulnerability

CVE-2018-3750 - High Severity Vulnerability

CVE-2018-11693 - High Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs