High-End customizable Splitting-App (Multiplatform)
License: MIT License
JavaScript 1.55%
HTML 0.14%
Vue 18.49%
TypeScript 78.36%
CSS 1.46%
splitterino's Issues
CVE-2018-19839 - Medium Severity Vulnerability
Vulnerable Library - CSS::Sass v3.4.11
Library home page: https://metacpan.org/pod/CSS::Sass
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (60)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Release Date: 2020-03-20
Fix Resolution: LibSass - 3.5.5
Step up your Open Source Security Game with WhiteSource here
Add option to use a custom target time
CVE-2019-6284 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
CVE-2018-19838 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-22.0.1-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (64)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp
Release Date: 2019-07-01
Fix Resolution: LibSass - 3.6.0
CVE-2018-20822 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-22.0.1-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (64)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
CVE-2020-7598 - Medium Severity Vulnerability
Vulnerable Library - minimist-0.0.10.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/optimist/node_modules/minimist/package.json
Dependency Hierarchy:
optimist-0.6.1.tgz (Root Library)
❌ minimist-0.0.10.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
CVSS 3 Score Details (5.6)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
CVE-2019-11358 - Medium Severity Vulnerability
Vulnerable Library - jquery-2.1.4.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
❌ jquery-2.1.4.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
CVE-2018-20190 - Medium Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
Release Date: 2018-12-17
Fix Resolution: LibSass - 3.6.0
CVE-2019-6286 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
WS-2020-0070 - High Severity Vulnerability
Vulnerable Library - lodash-4.17.15.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/lodash/package.json
Dependency Hierarchy:
❌ lodash-4.17.15.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
A prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
CVSS 3 Score Details (8.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
CVE-2020-7660 - Medium Severity Vulnerability
Vulnerable Library - serialize-javascript-2.1.2.tgz
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/copy-webpack-plugin/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
cli-service-4.4.1.tgz (Root Library)
copy-webpack-plugin-5.1.1.tgz
❌ serialize-javascript-2.1.2.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Publish Date: 2020-06-01
URL: CVE-2020-7660
CVSS 3 Score Details (5.0)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: N/A
Attack Complexity: N/A
Privileges Required: N/A
User Interaction: N/A
Scope: N/A
Impact Metrics:
Confidentiality Impact: N/A
Integrity Impact: N/A
Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660
Release Date: 2020-06-01
Fix Resolution: serialize-javascript - 3.1.0
General Styles for everything
Add support for start delay
CVE-2020-11022 - Medium Severity Vulnerability
Vulnerable Libraries - jquery-3.4.0.min.js , jquery-1.7.2.min.js , jquery-2.1.4.min.js
jquery-3.4.0.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/test/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/test/index.html
Dependency Hierarchy:
❌ jquery-3.4.0.min.js (Vulnerable Library)
jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
jquery-2.1.4.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
❌ jquery-2.1.4.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
CVE-2018-11499 - High Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
CVSS 3 Score Details (9.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Release Date: 2018-05-26
Fix Resolution: LibSass - 3.6.0
CVE-2015-9251 - Medium Severity Vulnerability
Vulnerable Libraries - jquery-1.7.2.min.js , jquery-2.1.4.min.js
jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
jquery-2.1.4.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
❌ jquery-2.1.4.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
CVE-2018-11697 - High Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
CVSS 3 Score Details (8.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
CVE-2020-8116 - High Severity Vulnerability
Vulnerable Library - dot-prop-4.2.0.tgz
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/configstore/node_modules/dot-prop/package.json
Dependency Hierarchy:
vue-cli-plugin-electron-builder-1.4.6.tgz (Root Library)
electron-builder-21.2.0.tgz
update-notifier-3.0.1.tgz
configstore-4.0.0.tgz
❌ dot-prop-4.2.0.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
CVSS 3 Score Details (9.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution: dot-prop - 5.1.1
CVE-2018-11694 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.2-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (12)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
/splitterino/node_modules/node-sass/src/libsass/src/util.hpp
/splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
/splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
/splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
/splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
/splitterino/node_modules/node-sass/src/callback_bridge.h
/splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.h
/splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
/splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
/splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
CVSS 3 Score Details (8.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.6.0
CVE-2018-11698 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-22.0.1-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (64)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
/splitterino/node_modules/console-browserify/test/static/test-adapter.js
/splitterino/node_modules/nan/nan_callbacks_pre_12_inl.h
/splitterino/node_modules/node-sass/src/libsass/src/expand.hpp
/splitterino/node_modules/node-sass/src/sass_types/factory.cpp
/splitterino/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
/splitterino/node_modules/node-sass/src/sass_types/boolean.cpp
/splitterino/node_modules/node-sass/src/sass_types/value.h
/splitterino/node_modules/node-sass/src/libsass/src/emitter.hpp
/splitterino/node_modules/nan/nan_converters_pre_43_inl.h
/splitterino/node_modules/node-sass/src/libsass/src/file.cpp
/splitterino/node_modules/nan/nan_persistent_12_inl.h
/splitterino/node_modules/node-sass/src/libsass/src/operation.hpp
/splitterino/node_modules/nan/nan_persistent_pre_12_inl.h
/splitterino/node_modules/node-sass/src/libsass/src/operators.hpp
/splitterino/node_modules/node-sass/src/libsass/src/constants.hpp
/splitterino/node_modules/node-sass/src/libsass/src/error_handling.hpp
/splitterino/node_modules/nan/nan_implementation_pre_12_inl.h
/splitterino/node_modules/js-base64/.attic/test-moment/./dankogai.js
/splitterino/node_modules/node-sass/src/libsass/src/constants.cpp
/splitterino/node_modules/node-sass/src/sass_types/list.cpp
/splitterino/node_modules/node-sass/src/libsass/src/functions.hpp
/splitterino/node_modules/node-sass/src/libsass/src/util.cpp
/splitterino/node_modules/node-sass/src/custom_function_bridge.cpp
/splitterino/node_modules/node-sass/src/custom_importer_bridge.h
/splitterino/node_modules/node-sass/src/libsass/src/bind.cpp
/splitterino/node_modules/nan/nan_json.h
/splitterino/node_modules/node-sass/src/libsass/src/eval.hpp
/splitterino/node_modules/nan/nan_converters.h
/splitterino/node_modules/node-sass/src/libsass/src/backtrace.cpp
/splitterino/node_modules/node-sass/src/libsass/src/extend.cpp
/splitterino/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/splitterino/node_modules/node-sass/src/libsass/src/error_handling.cpp
/splitterino/node_modules/node-sass/src/libsass/src/emitter.cpp
/splitterino/node_modules/node-sass/src/sass_types/number.cpp
/splitterino/node_modules/node-sass/src/sass_types/color.h
/splitterino/node_modules/nan/nan_new.h
/splitterino/node_modules/node-sass/src/libsass/src/sass_values.cpp
/splitterino/node_modules/node-sass/src/libsass/src/ast.hpp
/splitterino/node_modules/node-sass/src/libsass/src/output.cpp
/splitterino/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/splitterino/node_modules/node-sass/src/sass_types/null.cpp
/splitterino/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/splitterino/node_modules/node-sass/src/libsass/src/cssize.hpp
/splitterino/node_modules/node-sass/src/libsass/src/ast.cpp
/splitterino/node_modules/node-sass/src/libsass/src/to_c.cpp
/splitterino/node_modules/node-sass/src/libsass/src/to_value.hpp
/splitterino/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/splitterino/node_modules/nan/nan_callbacks.h
/splitterino/node_modules/node-sass/src/libsass/src/inspect.hpp
/splitterino/node_modules/node-sass/src/sass_types/color.cpp
/splitterino/node_modules/node-sass/src/libsass/src/values.cpp
/splitterino/node_modules/node-sass/src/sass_types/list.h
/splitterino/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/splitterino/node_modules/nan/nan_define_own_property_helper.h
/splitterino/node_modules/js-base64/test/./es5.js
/splitterino/node_modules/node-sass/src/sass_types/map.cpp
/splitterino/node_modules/node-sass/src/libsass/src/to_value.cpp
/splitterino/node_modules/node-sass/src/libsass/src/context.cpp
/splitterino/node_modules/node-sass/src/sass_types/string.cpp
/splitterino/node_modules/node-sass/src/libsass/src/sass_context.cpp
/splitterino/node_modules/node-sass/src/libsass/src/prelexer.hpp
/splitterino/node_modules/node-sass/src/libsass/src/context.hpp
/splitterino/node_modules/node-sass/src/sass_types/boolean.h
/splitterino/node_modules/nan/nan_private.h
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
CVSS 3 Score Details (8.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Fix current Splitting
Fix Split pausing and timing issues
CVE-2020-7656 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery prior to 1.9.0 allows cross-site scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags whose closing tag contains a whitespace character, e.g. "</script >", so the enclosed script is executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656
Release Date: 2020-05-19
Fix Resolution: 1.9.0b1
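Worked example for the jQuery load finding above. This is added illustration, not jQuery's source: a script stripper that only recognises the exact spelling "</script>" next to one that tolerates whitespace before the ">" of the end tag, the way an HTML tokenizer does, run over constructed server responses. Both regexes are modelled on the behaviour the advisory describes and are assumptions, not copies of jQuery's code. The flagged copy here is the jQuery referenced by node_modules/jmespath/index.html, an HTML page shipped inside a dependency; whether anything in the app ever loads that page is a triage question, the mechanism below is the same either way.

```javascript
// Added example (not jQuery's code): a closing-tag check that only recognises
// "</script>" lets "</script >" through, the bug class described for
// jQuery.load() before 1.9.0; the second pattern accepts whitespace in the end tag.

// Strict form: the element only ends at an end tag spelled exactly "</script>".
const rscriptStrict = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;

// Tolerant form: whitespace between "script" and ">" also ends the element.
const rscriptLoose = /<script\b[^<]*(?:(?!<\/script\s*>)<[^<]*)*<\/script\s*>/gi;

// Removes every <script> element matched by `pattern` from an HTML fragment.
function stripScripts(html, pattern) {
  return html.replace(pattern, '');
}

// True if any <script ...> start tag survives in the fragment.
function containsScript(html) {
  return /<script\b/i.test(html);
}

// Constructed responses of the kind a .load() target URL might return.
const SAMPLES = {
  plain:      '<div id="content">hello</div><script>alert(1)</script>',
  whitespace: '<div id="content">hello</div><script>alert(1)</script >',
  newline:    '<div id="content">hello</div><script>alert(1)</script\n>',
};

// Runs both strippers over each sample; a value of true means a script survived.
function compareStrippers() {
  const out = {};
  for (const [name, html] of Object.entries(SAMPLES)) {
    out[name] = {
      strict: containsScript(stripScripts(html, rscriptStrict)),
      loose:  containsScript(stripScripts(html, rscriptLoose)),
    };
  }
  return out;
}
```

Run it with node. The strict pattern strips the plain sample but leaves both variants with a space or newline in the end tag intact, which is exactly what a browser will still treat as a closing tag. In a page, removing script nodes from a parsed fragment (for example with jQuery.parseHTML and its keepScripts flag set to false, or a DOMParser result with the script elements removed) is more robust than any regex; upgrading jQuery remains the actual fix.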
WS-2019-0424 - Medium Severity Vulnerability
Vulnerable Library - elliptic-6.5.2.tgz
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/elliptic/package.json
Dependency Hierarchy:
cli-plugin-babel-4.4.1.tgz (Root Library)
webpack-4.43.0.tgz
node-libs-browser-2.2.1.tgz
crypto-browserify-3.12.0.tgz
browserify-sign-4.2.0.tgz
❌ elliptic-6.5.2.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
All versions of elliptic are vulnerable to a timing attack through side channels.
Publish Date: 2019-11-13
URL: WS-2019-0424
CVSS 3 Score Details (5.9)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Adjacent
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: High
Availability Impact: None
CVE-2018-19797 - Medium Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Move away from Electron as the app is getting too complicated with electron while it can be easily solved via nwjs.
Should save up a lot of issues and clear some of the current ones.
CVE-2018-11695 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.2-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (12)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
/splitterino/node_modules/node-sass/src/libsass/src/util.hpp
/splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
/splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
/splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
/splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
/splitterino/node_modules/node-sass/src/callback_bridge.h
/splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.h
/splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
/splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
/splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp
Vulnerability Details
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
CVSS 3 Score Details (8.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
CVE-2012-6708 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
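Worked example for the jQuery(strInput) finding above. This is added illustration, not jQuery's source: the two decision rules the advisory describes, "a '<' anywhere means HTML" before 1.9.0 and "HTML only if the string starts with '<'" from 1.9.0 on, applied to the same constructed inputs, plus a defensive lookup that keeps untrusted text out of jQuery(str) altogether. Both classifiers are simplified models of the behaviour and an assumption, not jQuery's actual regexes; the function names and inputs are constructed.

```javascript
// Added example (not jQuery's code): the pre-1.9.0 and fixed decision rules
// for jQuery(strInput), modelled as two small classifiers.

// Pre-1.9.0 rule: a '<' anywhere in the string makes it HTML.
function isHtmlOld(input) {
  return input.indexOf('<') !== -1;
}

// 1.9.0+ rule: only a string that begins with '<' is HTML.
function isHtmlNew(input) {
  return input.charAt(0) === '<';
}

// Models what jQuery(str) does next: build markup, or run a selector lookup.
function dispatch(input, isHtml) {
  return isHtml(input)
    ? { mode: 'html', markup: input }
    : { mode: 'selector', selector: input };
}

// Defensive lookup: validate an untrusted id against an allowlist before it
// is ever concatenated into a selector string.
const SAFE_ID = /^[A-Za-z][\w-]*$/;
function selectorForId(untrustedId) {
  if (!SAFE_ID.test(untrustedId)) {
    throw new Error('rejected id: ' + JSON.stringify(untrustedId));
  }
  return '#' + untrustedId;
}

// Constructed inputs. suffixAttack is the common pattern where the page
// prefixes its own '#' and only the tail is attacker-controlled.
const INPUTS = {
  benign:       '#status',
  suffixAttack: '#status<img src=x onerror=alert(1)>',
  prefixAttack: '<img src=x onerror=alert(1)>',
};

// Classifies every input under both rules.
function classifyAll() {
  const out = {};
  for (const [name, s] of Object.entries(INPUTS)) {
    out[name] = {
      old:   dispatch(s, isHtmlOld).mode,
      fixed: dispatch(s, isHtmlNew).mode,
    };
  }
  return out;
}
```

Run it with node. The fixed rule turns the suffix payload back into a selector, but the prefix payload is HTML under both rules, which is the "far less common" case the advisory mentions: the upgrade narrows the attack surface, it does not make jQuery(untrustedString) safe. Pass elements, or allowlisted ids as in selectorForId, instead.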
Extract the Vue-Part and put it into its own repository.
This repository will then be used for the desktop-wrapper.
CVE-2019-6283 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6283
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
CVE-2018-20821 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821
Release Date: 2019-04-23
Fix Resolution: LibSass - 3.6.0
Modal/Popup for settings and configuration
CVE-2018-19827 - High Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
CVSS 3 Score Details (8.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2784
Release Date: 2019-08-29
Fix Resolution: LibSass - 3.6.0
CVE-2019-18797 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.2-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (12)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
/splitterino/node_modules/node-sass/src/libsass/src/util.hpp
/splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
/splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
/splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
/splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
/splitterino/node_modules/node-sass/src/callback_bridge.h
/splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.h
/splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
/splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
/splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp
Vulnerability Details
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-06
Fix Resolution: LibSass - 3.6.3