High-End customizable Splitting-App (Multiplatform)
License: MIT License
splitterino's Issues
CVE-2012-6708 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Step up your Open Source Security Game with WhiteSource here
CVE-2018-11697 - High Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
CVSS 3 Score Details (8.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
WS-2020-0070 - High Severity Vulnerability
Vulnerable Library - lodash-4.17.15.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/lodash/package.json
Dependency Hierarchy:
❌ lodash-4.17.15.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
A prototype pollution vulnerability exists in lodash. It allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
CVSS 3 Score Details (8.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
CVE-2020-8116 - High Severity Vulnerability
Vulnerable Library - dot-prop-4.2.0.tgz
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/configstore/node_modules/dot-prop/package.json
Dependency Hierarchy:
vue-cli-plugin-electron-builder-1.4.6.tgz (Root Library)
electron-builder-21.2.0.tgz
update-notifier-3.0.1.tgz
configstore-4.0.0.tgz
❌ dot-prop-4.2.0.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
CVSS 3 Score Details (9.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution: dot-prop - 5.1.1
CVE-2020-7660 - Medium Severity Vulnerability
Vulnerable Library - serialize-javascript-2.1.2.tgz
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/copy-webpack-plugin/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
cli-service-4.4.1.tgz (Root Library)
copy-webpack-plugin-5.1.1.tgz
❌ serialize-javascript-2.1.2.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Publish Date: 2020-06-01
URL: CVE-2020-7660
CVSS 3 Score Details (5.0)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: N/A
Attack Complexity: N/A
Privileges Required: N/A
User Interaction: N/A
Scope: N/A
Impact Metrics:
Confidentiality Impact: N/A
Integrity Impact: N/A
Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660
Release Date: 2020-06-01
Fix Resolution: serialize-javascript - 3.1.0
CVE-2018-11694 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.2-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (12)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
CVSS 3 Score Details (8.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.6.0
CVE-2019-6283 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
CVE-2018-11698 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-22.0.1-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (64)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
CVSS 3 Score Details (8.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
CVE-2020-7656 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, e.g. "</script >", which results in the enclosed script logic being executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656
Release Date: 2020-05-19
Fix Resolution: 1.9.0b1
Add option to use a custom target time
CVE-2018-19797 - Medium Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Extract the Vue-Part and put it into own repository.
This repository will then be used for the desktop-wrapper.
CVE-2018-11499 - High Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
CVSS 3 Score Details (9.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Release Date: 2018-05-26
Fix Resolution: LibSass - 3.6.0
CVE-2018-11695 - High Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.2-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (12)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
CVSS 3 Score Details (8.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
WS-2019-0424 - Medium Severity Vulnerability
Vulnerable Library - elliptic-6.5.2.tgz
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/elliptic/package.json
Dependency Hierarchy:
cli-plugin-babel-4.4.1.tgz (Root Library)
webpack-4.43.0.tgz
node-libs-browser-2.2.1.tgz
crypto-browserify-3.12.0.tgz
browserify-sign-4.2.0.tgz
❌ elliptic-6.5.2.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
All versions of elliptic are vulnerable to timing attacks through side channels.
Publish Date: 2019-11-13
URL: WS-2019-0424
CVSS 3 Score Details (5.9)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Adjacent
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: High
Availability Impact: None
CVE-2018-20821 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821
Release Date: 2019-04-23
Fix Resolution: LibSass - 3.6.0
CVE-2019-6284 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
CVE-2018-19839 - Medium Severity Vulnerability
Vulnerable Library - CSS::Sassv3.4.11
Library home page: https://metacpan.org/pod/CSS::Sass
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (60)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Release Date: 2020-03-20
Fix Resolution: LibSass - 3.5.5
CVE-2015-9251 - Medium Severity Vulnerability
Vulnerable Libraries - jquery-1.7.2.min.js , jquery-2.1.4.min.js
jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
jquery-2.1.4.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
❌ jquery-2.1.4.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
CVE-2018-19838 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-22.0.1-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (64)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp
Release Date: 2019-07-01
Fix Resolution: LibSass - 3.6.0
CVE-2020-11022 - Medium Severity Vulnerability
Vulnerable Libraries - jquery-3.4.0.min.js , jquery-1.7.2.min.js , jquery-2.1.4.min.js
jquery-3.4.0.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/test/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/test/index.html
Dependency Hierarchy:
❌ jquery-3.4.0.min.js (Vulnerable Library)
jquery-1.7.2.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html
Path to vulnerable library: /splitterino/node_modules/jmespath/index.html
Dependency Hierarchy:
❌ jquery-1.7.2.min.js (Vulnerable Library)
jquery-2.1.4.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
❌ jquery-2.1.4.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
CVE-2018-20822 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-22.0.1-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (64)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
Vulnerability Details
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
CVE-2019-11358 - Medium Severity Vulnerability
Vulnerable Library - jquery-2.1.4.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
❌ jquery-2.1.4.min.js (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
CVE-2020-7598 - Medium Severity Vulnerability
Vulnerable Library - minimist-0.0.10.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/optimist/node_modules/minimist/package.json
Dependency Hierarchy:
optimist-0.6.1.tgz (Root Library)
❌ minimist-0.0.10.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
CVSS 3 Score Details (5.6)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
CVE-2018-19827 - High Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
CVSS 3 Score Details (8.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2784
Release Date: 2019-08-29
Fix Resolution: LibSass - 3.6.0
Fix current Splitting
Fix Split pausing and timing issues
General Styles for everything
CVE-2019-18797 - Medium Severity Vulnerability
Vulnerable Library - opennmsopennms-source-24.1.2-1
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Library Source Files (12)
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
/splitterino/node_modules/node-sass/src/libsass/src/util.hpp
/splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
/splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
/splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
/splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
/splitterino/node_modules/node-sass/src/callback_bridge.h
/splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
/splitterino/node_modules/node-sass/src/sass_context_wrapper.h
/splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
/splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
/splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp
Vulnerability Details
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-06
Fix Resolution: LibSass - 3.6.3
Add support for start delay
CVE-2019-6286 - Medium Severity Vulnerability
Vulnerable Libraries - node-sass-4.14.1.tgz
node-sass-4.14.1.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz
Path to dependency file: /tmp/ws-scm/splitterino/package.json
Path to vulnerable library: /splitterino/node_modules/node-sass/package.json
Dependency Hierarchy:
❌ node-sass-4.14.1.tgz (Vulnerable Library)
Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Modal/Popup for settings and configuration
Move away from Electron, as the app is getting too complicated with Electron while it can be easily solved via nwjs.
Should save a lot of issues and clear some of the current ones.
CVE-2018-20190 - Medium Severity Vulnerability
Vulnerable Libraries -
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
CVSS 3 Score Details (6.5)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
Release Date: 2018-12-17
Fix Resolution: LibSass - 3.6.0