scriptex / introscroll Goto Github PK

View Code? Open in Web Editor NEW

5.0 3.0 1.0 1.37 MB

Fullwidth and Fullheight intro section

Home Page: https://intro-scroll.atanas.info/

License: MIT License

JavaScript 100.00%

single-scroll page-scroll swipe-to-scroll

introscroll's Introduction

IntroScroll

Create a fullscreen intro section and dismiss it in a single gesture.

See the demo here

Visitor stats

Code stats

Description

This library creates a fullscreen intro section and disables the default page scroll.

The page scroll is being enabled again after a single mouse scroll, touch swipe up or any gesture that forces the page to move upwards.

Install

npm i introscroll

yarn add introscroll

just download this repository and link the files located in dist folder

or include it from unpkg.com

<script src="https://unpkg.com/introscroll"></script>

Then

import IntroScroll from 'introscroll';

and initialize an instance using default settings

const intro = new IntroScroll();

or add your own settings

const intro = new IntroScroll({
	element: '#your-fullscreen-section',
	wrapper: '#your-fullscreen-sections-wrapper',
	container: '#your-fullscreen-sections-container',
	trigger: '#your-fullscreen-sections-link',
	scrollClass: 'intro--scrolled',
	duration: 1000,
	afterScroll(instance) {
		console.log(instance.element);
	}
});

For more details please see the demo.

LICENSE

MIT

Connect with me:

Support and sponsor my work:

introscroll's People

Contributors

Stargazers

Watchers

Forkers

delta94

introscroll's Issues

CVE-2021-44906 (Medium) detected in minimist-1.2.5.tgz

CVE-2021-44906 - Medium Severity Vulnerability

Vulnerable Library - minimist-1.2.5.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

babel-minify-0.5.1.tgz (Root Library)
- mkdirp-0.5.5.tgz
  - ❌ minimist-1.2.5.tgz (Vulnerable Library)

Found in HEAD commit: 064ab45b20baf60c389300a1bbaa1c3f4a239871

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Release Date: 2022-03-17

Fix Resolution: BumperLane.Public.Service.Contracts - 0.23.35.214-prerelease;cloudscribe.templates - 5.2.0;Virteom.Tenant.Mobile.Bluetooth - 0.21.29.159-prerelease;ShowingVault.DotNet.Sdk - 0.13.41.190-prerelease;Envisia.DotNet.Templates - 3.0.1;Yarnpkg.Yarn - 0.26.1;Virteom.Tenant.Mobile.Framework.UWP - 0.20.41.103-prerelease;Virteom.Tenant.Mobile.Framework.iOS - 0.20.41.103-prerelease;BumperLane.Public.Api.V2.ClientModule - 0.23.35.214-prerelease;VueJS.NetCore - 1.1.1;Dianoga - 4.0.0,3.0.0-RC02;Virteom.Tenant.Mobile.Bluetooth.iOS - 0.20.41.103-prerelease;Virteom.Public.Utilities - 0.23.37.212-prerelease;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;Virteom.Tenant.Mobile.Framework - 0.21.29.159-prerelease;Virteom.Tenant.Mobile.Bluetooth.Android - 0.20.41.103-prerelease;z4a-dotnet-scaffold - 1.0.0.2;Raml.Parser - 1.0.7;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;SitecoreMaster.TrueDynamicPlaceholders - 1.0.3;Virteom.Tenant.Mobile.Framework.Android - 0.20.41.103-prerelease;Fable.Template.Elmish.React - 0.1.6;BlazorPolyfill.Build - 6.0.100.2;Fable.Snowpack.Template - 2.1.0;BumperLane.Public.Api.Client - 0.23.35.214-prerelease;Yarn.MSBuild - 0.22.0,0.24.6;Blazor.TailwindCSS.BUnit - 1.0.2;Bridge.AWS - 0.3.30.36;tslint - 5.6.0;SAFE.Template - 3.0.1;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23343 (Medium) detected in path-parse-1.0.6.tgz

CVE-2021-23343 - Medium Severity Vulnerability

Vulnerable Library - path-parse-1.0.6.tgz

Node.js path.parse() ponyfill

Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz

Path to dependency file: IntroScroll/package.json

Path to vulnerable library: IntroScroll/node_modules/path-parse

Dependency Hierarchy:

babel-minify-0.5.1.tgz (Root Library)
- core-7.11.5.tgz
  - resolve-1.17.0.tgz
    - ❌ path-parse-1.0.6.tgz (Vulnerable Library)

Found in HEAD commit: 878ca1b1cdf684152786f3ed3d10b247b0dddc0e

Found in base branch: master

Vulnerability Details

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Publish Date: 2021-05-04

URL: CVE-2021-23343

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2016-0090 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/IntroScroll/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html

Path to vulnerable library: /IntroScroll/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html

Dependency Hierarchy:

❌ jquery-1.11.1.min.js (Vulnerable Library)

jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/IntroScroll/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html

Path to vulnerable library: /IntroScroll/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html,/IntroScroll/node_modules/@babel/compat-data/build/compat-table/esintl/index.html

Dependency Hierarchy:

❌ jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: 02e7a6e26516b088b92a9751663aca73b8c9516a

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2021-23364 (Medium) detected in browserslist-4.16.3.tgz

CVE-2021-23364 - Medium Severity Vulnerability

Vulnerable Library - browserslist-4.16.3.tgz

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz

Path to dependency file: IntroScroll/package.json

Path to vulnerable library: IntroScroll/node_modules/browserslist/package.json

Dependency Hierarchy:

core-7.13.15.tgz (Root Library)
- helper-compilation-targets-7.13.13.tgz
  - ❌ browserslist-4.16.3.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Publish Date: 2021-04-28

URL: CVE-2021-23364

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364

Release Date: 2021-04-28

Fix Resolution: browserslist - 4.16.5

Step up your Open Source Security Game with WhiteSource here

Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses. Learn more

This repository currently has no open or pending branches.

Check this box to trigger a request for Renovate to run again on this repository

CVE-2021-23337 (High) detected in lodash-4.17.20.tgz

CVE-2021-23337 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: IntroScroll/package.json

Path to vulnerable library: IntroScroll/node_modules/lodash/package.json

Dependency Hierarchy:

@babel/cli-7.12.17.tgz (Root Library)
- ❌ lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: 58c56387c7720b07fabaa5e5b3e714b4cfcc6185

Vulnerability Details

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Publish Date: 2021-02-15

URL: CVE-2021-23337

CVSS 3 Score Details (7.2)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Export using UMD

Use Webpack to build and export for all environments using the UMD pattern

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/IntroScroll/package.json

Path to vulnerable library: /tmp/ws-scm/IntroScroll/node_modules/lodash/package.json

Dependency Hierarchy:

@babel/cli-7.10.0.tgz (Root Library)
- ❌ lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: d348a74b5a6d34635f03f897d75e7c7006a7a91b

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

CVE-2020-28500 (Medium) detected in lodash-4.17.20.tgz

CVE-2020-28500 - Medium Severity Vulnerability

Vulnerable Library - lodash-4.17.20.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz

Path to dependency file: IntroScroll/package.json

Path to vulnerable library: IntroScroll/node_modules/lodash/package.json

Dependency Hierarchy:

@babel/cli-7.12.17.tgz (Root Library)
- ❌ lodash-4.17.20.tgz (Vulnerable Library)

Found in HEAD commit: 58c56387c7720b07fabaa5e5b3e714b4cfcc6185

Vulnerability Details

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)

Publish Date: 2021-02-15

URL: CVE-2020-28500

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2020-28469 (Medium) detected in glob-parent-5.1.1.tgz

CVE-2020-28469 - Medium Severity Vulnerability

Vulnerable Library - glob-parent-5.1.1.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz

Path to dependency file: IntroScroll/package.json

Path to vulnerable library: IntroScroll/node_modules/glob-parent

Dependency Hierarchy:

@babel/cli-7.14.5.tgz (Root Library)
- chokidar-3.4.3.tgz
  - ❌ glob-parent-5.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 6610eec3f6dbb09de1bc14efdb978cccbec4274a

Found in base branch: master

Vulnerability Details

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

Publish Date: 2021-06-03

URL: CVE-2020-28469

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469

Release Date: 2021-06-03

Fix Resolution: glob-parent - 5.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /IntroScroll/package.json

Path to vulnerable library: /tmp/git/IntroScroll/node_modules/lodash/package.json

Dependency Hierarchy:

@babel/cli-7.5.0.tgz (Root Library)
- ❌ lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: c18cb102d1b5c8a7236a42bd0094903abc9dc75b

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-5.1.0.tgz, kind-of-6.0.2.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/IntroScroll/package.json

Path to vulnerable library: /tmp/ws-scm/IntroScroll/node_modules/is-number/node_modules/kind-of/package.json

Dependency Hierarchy:

@babel/cli-7.8.0.tgz (Root Library)
- chokidar-2.1.8.tgz
  - braces-2.3.2.tgz
    - fill-range-4.0.0.tgz
      - is-number-3.0.0.tgz
        
        ❌ kind-of-3.2.2.tgz (Vulnerable Library)

kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/IntroScroll/package.json

Path to vulnerable library: /tmp/ws-scm/IntroScroll/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

@babel/cli-7.8.0.tgz (Root Library)
- chokidar-2.1.8.tgz
  - braces-2.3.2.tgz
    - snapdragon-0.8.2.tgz
      - base-0.11.2.tgz
        
        cache-base-1.0.1.tgz
        
        has-value-1.0.0.tgz
        
        has-values-1.0.0.tgz
        
        ❌ kind-of-4.0.0.tgz (Vulnerable Library)

kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/IntroScroll/package.json

Path to vulnerable library: /tmp/ws-scm/IntroScroll/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

@babel/cli-7.8.0.tgz (Root Library)
- chokidar-2.1.8.tgz
  - braces-2.3.2.tgz
    - snapdragon-0.8.2.tgz
      - define-property-0.2.5.tgz
        
        is-descriptor-0.1.6.tgz
        
        ❌ kind-of-5.1.0.tgz (Vulnerable Library)

kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /tmp/ws-scm/IntroScroll/package.json

Path to vulnerable library: /tmp/ws-scm/IntroScroll/node_modules/kind-of/package.json

Dependency Hierarchy:

@babel/cli-7.8.0.tgz (Root Library)
- chokidar-2.1.8.tgz
  - anymatch-2.0.0.tgz
    - micromatch-3.1.10.tgz
      - ❌ kind-of-6.0.2.tgz (Vulnerable Library)

Found in HEAD commit: 1daca37520532c7b2a28ef62b7350152cfe014d2

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/IntroScroll/package.json

Path to vulnerable library: /tmp/ws-scm/IntroScroll/node_modules/yargs-parser/package.json

Dependency Hierarchy:

babel-minify-0.5.1.tgz (Root Library)
- ❌ yargs-parser-10.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 89544a1e5a24c995ff50823f81ee6f4343b6da06

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/IntroScroll/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html

Path to vulnerable library: /IntroScroll/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html

Dependency Hierarchy:

❌ jquery-1.11.1.min.js (Vulnerable Library)

jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/IntroScroll/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html

Path to vulnerable library: /IntroScroll/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html,/IntroScroll/node_modules/@babel/compat-data/build/compat-table/esintl/index.html

Dependency Hierarchy:

❌ jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: 02e7a6e26516b088b92a9751663aca73b8c9516a

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

WS-2021-0154 (Medium) detected in glob-parent-5.1.1.tgz

WS-2021-0154 - Medium Severity Vulnerability

Vulnerable Library - glob-parent-5.1.1.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz

Path to dependency file: IntroScroll/package.json

Path to vulnerable library: IntroScroll/node_modules/glob-parent

Dependency Hierarchy:

@babel/cli-7.14.5.tgz (Root Library)
- chokidar-3.4.3.tgz
  - ❌ glob-parent-5.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 6610eec3f6dbb09de1bc14efdb978cccbec4274a

Found in base branch: master

Vulnerability Details

Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.

Publish Date: 2021-01-27

URL: WS-2021-0154

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2

Release Date: 2021-01-27

Fix Resolution: glob-parent - 5.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-11358 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/IntroScroll/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html

Path to vulnerable library: /IntroScroll/node_modules/@babel/compat-data/build/compat-table/es2016plus/compiler-skeleton.html

Dependency Hierarchy:

❌ jquery-1.11.1.min.js (Vulnerable Library)

jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/IntroScroll/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html

Path to vulnerable library: /IntroScroll/node_modules/@babel/compat-data/build/compat-table/es5/skeleton.html,/IntroScroll/node_modules/@babel/compat-data/build/compat-table/esintl/index.html

Dependency Hierarchy:

❌ jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: 02e7a6e26516b088b92a9751663aca73b8c9516a

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Step up your Open Source Security Game with WhiteSource here

scriptex / introscroll Goto Github PK

introscroll's Introduction

IntroScroll

Visitor stats

Code stats

Description

Install

LICENSE

introscroll's People

Contributors

Stargazers

Watchers

Forkers

introscroll's Issues

CVE-2021-44906 - Medium Severity Vulnerability

CVE-2021-23343 - Medium Severity Vulnerability

WS-2016-0090 - Medium Severity Vulnerability

CVE-2021-23364 - Medium Severity Vulnerability

CVE-2021-23337 - High Severity Vulnerability

WS-2020-0070 - High Severity Vulnerability

CVE-2020-28500 - Medium Severity Vulnerability

CVE-2020-28469 - Medium Severity Vulnerability

CVE-2019-10744 - High Severity Vulnerability

CVE-2019-20149 - Medium Severity Vulnerability

CVE-2020-7608 - Medium Severity Vulnerability

CVE-2015-9251 - Medium Severity Vulnerability

WS-2021-0154 - Medium Severity Vulnerability

CVE-2019-11358 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs