scriptex / atanas.info Goto Github PK

My personal website - a fullstack progressive web app built with modern tooling

License: MIT License

Shell 0.10% TypeScript 62.48% CSS 37.08% JavaScript 0.34%

data-visualization developer-portfolio music-visualizer frontend-app frontend-developer d3-visualization fullstack-application nextjs

atanas.info's Introduction

Hi, I'm Atanas 👋

Javascript/Typescript engineer doing Web and Mobile front-end development since 2011
Lead front-end developer at dmarcian
Former senior software developer and mentor at Three11
Former lead front-end engineer in the E.ON Home project
Former senior web and desktop applications developer at Kinetik Automotive
Former senior front-end engineer and mentor at 2create
Former senior front-end developer at htmlBurger
Former senior front-end developer at htmlBoutique
Former front-end developer at HTML Lab
Part of "the top 3% in the world" at Toptal
Founding talent member at Braintrust
Senior front-end engineer at Andela
Freelance Javascript/Typescript Engineer at Upwork
Freelance Javascript/Typescript Engineer at Freelancer
Freelance front-end engineer at 9am
Freelance front-end developer at Wellfound
Senior front-end engineer at People Per Hour
Freelance front-end developer at FlexWork
Freelance front-end developer at Arc.dev
Freelance front-end developer at Codementor
Open source software maintainer - check my projects.
Author of web components at WebComponents.org
Author of browser extensions for Google Chrome and Mozilla Firefox
Google developer

My open source software is published on NPM and has been downloaded this many times in the past year:

Here is a bit more detailed graph showing my open source contributions in the past year:

Wondering how to pronounce my name? Not anymore!

Connect with me:

Support and sponsor my work:

atanas.info's People

Contributors

Stargazers

Watchers

Forkers

nabil6391 fossabot delta94 ai-and-ml-developer-india

atanas.info's Issues

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz

CVE-2020-8116 - Medium Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/dot-prop/package.json

Dependency Hierarchy:

postcss-merge-rules-4.0.3.tgz (Root Library)
- postcss-selector-parser-3.1.1.tgz
  - ❌ dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 530095f619c31cb8892d666572bae007b3cfbcb0

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in CSS::Sass-v3.3.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - CSS::Sassv3.3.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (57)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/atanas.info/node_modules/node-sass/src/libsass/src/output.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/cencode.h
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/node.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/base.h
/atanas.info/node_modules/node-sass/src/libsass/src/position.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/core.h
/atanas.info/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/functions.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cencode.c
/atanas.info/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/c99func.c
/atanas.info/node_modules/node-sass/src/libsass/src/position.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/values.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/paths.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/context.h
/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.hpp
/atanas.info/node_modules/node-sass/src/libsass/test/test_unification.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/script/test-leaks.pl
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/encode.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/checked.h
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/debug.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19838 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20677 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2018-20677 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0367 (Medium) detected in angular-1.4.2.min.js

WS-2019-0367 - Medium Severity Vulnerability

Vulnerable Library - angular-1.4.2.min.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_angular.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_angular.html

Dependency Hierarchy:

❌ angular-1.4.2.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

Prototype Pollution vulnerability found in Angular before 1.7.9.

Publish Date: 2020-01-08

URL: WS-2019-0367

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19

Release Date: 2020-01-08

Fix Resolution: angular - 1.7.9

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 (High) detected in CSS::Sass-v3.3.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - CSS::Sassv3.3.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (57)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/atanas.info/node_modules/node-sass/src/libsass/src/output.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/cencode.h
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/node.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/base.h
/atanas.info/node_modules/node-sass/src/libsass/src/position.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/core.h
/atanas.info/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/functions.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cencode.c
/atanas.info/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/c99func.c
/atanas.info/node_modules/node-sass/src/libsass/src/position.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/values.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/paths.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/context.h
/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.hpp
/atanas.info/node_modules/node-sass/src/libsass/test/test_unification.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/script/test-leaks.pl
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/encode.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/checked.h
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/debug.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16226 (High) detected in static-eval-0.2.4.tgz

CVE-2017-16226 - High Severity Vulnerability

Vulnerable Library - static-eval-0.2.4.tgz

evaluate statically-analyzable expressions

Library home page: https://registry.npmjs.org/static-eval/-/static-eval-0.2.4.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/static-eval/package.json

Dependency Hierarchy:

webpack-spritesmith-1.0.1.tgz (Root Library)
- spritesmith-3.3.1.tgz
  - pixelsmith-2.2.1.tgz
    - ndarray-fill-1.0.2.tgz
      - cwise-1.0.10.tgz
        
        static-module-1.5.0.tgz
        
        ❌ static-eval-0.2.4.tgz (Vulnerable Library)

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Vulnerability Details

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.

Publish Date: 2018-06-07

URL: CVE-2017-16226

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/548

Release Date: 2017-10-18

Fix Resolution: Update to version 2.0.0 or later.

Step up your Open Source Security Game with WhiteSource here

CVE-2012-6708 (Medium) detected in jquery-1.7.1.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /atanas.info/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy:

❌ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 996b1acf552f6f92f7b606a09b9f32176018446e

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11022 (Medium) detected in multiple libraries

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.0.min.js, jquery-3.2.1.min.js, jquery-2.1.4.min.js, jquery-1.7.1.min.js

jquery-3.4.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/js-base64/test/index.html

Path to vulnerable library: /atanas.info/node_modules/js-base64/test/index.html

Dependency Hierarchy:

❌ jquery-3.4.0.min.js (Vulnerable Library)

jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/examples/basic_jquery.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/examples/basic_jquery.html

Dependency Hierarchy:

❌ jquery-3.2.1.min.js (Vulnerable Library)

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /atanas.info/node_modules/js-base64/.attic/test-moment/index.html,/atanas.info/node_modules/autocomplete.js/examples/basic_angular.html,/atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/sockjs/examples/express-3.x/index.html

Path to vulnerable library: /atanas.info/node_modules/sockjs/examples/express-3.x/index.html

Dependency Hierarchy:

❌ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: b06a84c2d99e89500a0b68d488c6eec7740db631

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/node-gyp/node_modules/tar/package.json

Dependency Hierarchy:

node-sass-4.12.0.tgz (Root Library)
- node-gyp-3.8.0.tgz
  - ❌ tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 4e26166be776391cf1d645da301974adb02d6529

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: v4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-1010266 (Medium) detected in lodash-3.10.1.tgz, lodash-2.4.2.tgz

CVE-2019-1010266 - Medium Severity Vulnerability

Vulnerable Libraries - lodash-3.10.1.tgz, lodash-2.4.2.tgz

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- oust-0.4.0.tgz
  - cheerio-0.19.0.tgz
    - ❌ lodash-3.10.1.tgz (Vulnerable Library)

lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- inline-critical-4.0.7.tgz
  - cave-2.0.0.tgz
    - ❌ lodash-2.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 48b5c39ab35eb52c2c8752f34ad543d08d50c7a0

Vulnerability Details

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

Publish Date: 2019-07-17

URL: CVE-2019-1010266

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266

Release Date: 2019-07-17

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

WS-2016-0090 (Medium) detected in jquery-2.1.4.min.js, jquery-1.7.1.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.7.1.min.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /atanas.info/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy:

❌ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 996b1acf552f6f92f7b606a09b9f32176018446e

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20822 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Fix workflow

The current github action should run only on the master branch.

CVE-2020-7598 (High) detected in multiple libraries

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-0.0.10.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/mkdirp/node_modules/minimist/package.json

Dependency Hierarchy:

babel-loader-8.0.6.tgz (Root Library)
- mkdirp-0.5.1.tgz
  - ❌ minimist-0.0.8.tgz (Vulnerable Library)

minimist-0.0.10.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/optimist/node_modules/minimist/package.json

Dependency Hierarchy:

webpack-spritesmith-1.1.0.tgz (Root Library)
- spritesheet-templates-10.5.0.tgz
  - handlebars-4.7.3.tgz
    - optimist-0.6.1.tgz
      - ❌ minimist-0.0.10.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- chokidar-2.1.8.tgz
  - fsevents-1.2.11.tgz
    - node-pre-gyp-0.14.0.tgz
      - rc-1.2.8.tgz
        
        ❌ minimist-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 8ce79d0b9f2a35f1c6df375d78b08df90e76b51a

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19826 (Medium) detected in node-sass-v4.11.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (4)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/binding.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.cpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2017-1000048 (High) detected in qs-6.2.3.tgz

CVE-2017-1000048 - High Severity Vulnerability

Vulnerable Library - qs-6.2.3.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/qs/package.json

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- ❌ qs-6.2.3.tgz (Vulnerable Library)

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Vulnerability Details

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

Publish Date: 2017-07-17

URL: CVE-2017-1000048

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: ljharb/qs@c709f6e

Release Date: 2017-03-06

Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3721 (Medium) detected in lodash-3.10.1.tgz, lodash-2.4.2.tgz

CVE-2018-3721 - Medium Severity Vulnerability

Vulnerable Libraries - lodash-3.10.1.tgz, lodash-2.4.2.tgz

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- oust-0.4.0.tgz
  - cheerio-0.19.0.tgz
    - ❌ lodash-3.10.1.tgz (Vulnerable Library)

lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- inline-critical-4.0.7.tgz
  - cave-2.0.0.tgz
    - ❌ lodash-2.4.2.tgz (Vulnerable Library)

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Release Date: 2018-06-07

Fix Resolution: 4.17.5

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-8331 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2019-8331 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#28236

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-2.1.4.min.js, jquery-1.7.1.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.7.1.min.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /atanas.info/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy:

❌ jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 996b1acf552f6f92f7b606a09b9f32176018446e

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7608 (Medium) detected in multiple libraries

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-10.1.0.tgz, yargs-parser-4.2.1.tgz, yargs-parser-5.0.0.tgz

yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/filter-css/node_modules/yargs-parser/package.json

Dependency Hierarchy:

localga-2.0.0.tgz (Root Library)
- meow-5.0.0.tgz
  - ❌ yargs-parser-10.1.0.tgz (Vulnerable Library)

yargs-parser-4.2.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/browser-sync/node_modules/yargs-parser/package.json

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- yargs-6.4.0.tgz
  - ❌ yargs-parser-4.2.1.tgz (Vulnerable Library)

yargs-parser-5.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/sass-graph/node_modules/yargs-parser/package.json

Dependency Hierarchy:

node-sass-4.13.1.tgz (Root Library)
- sass-graph-2.2.4.tgz
  - yargs-7.1.0.tgz
    - ❌ yargs-parser-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: eefc6245615479d83e2db8a1b51a05ba265e91c3

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11693 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Try deploying on Zeit's Now

Migrate to Zeit Now hosting using a local now.json file

WS-2020-0044 (High) detected in decompress-4.2.0.tgz

WS-2020-0044 - High Severity Vulnerability

Vulnerable Library - decompress-4.2.0.tgz

Extracting archives made easy

Library home page: https://registry.npmjs.org/decompress/-/decompress-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/decompress/package.json

Dependency Hierarchy:

optisize-1.0.0.tgz (Root Library)
- imagemin-gifsicle-6.0.1.tgz
  - gifsicle-4.0.1.tgz
    - bin-build-3.0.0.tgz
      - ❌ decompress-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 74eccd7b923c88e21f658742f44bae07d93db8a5

Vulnerability Details

decompress in all its versions is vulnerable to arbitrary file write. the package fails to prevent an extraction of files with relative paths which allows attackers to write to any folder in the system.

Publish Date: 2020-03-08

URL: WS-2020-0044

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 (High) detected in CSS::Sass-v3.3.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - CSS::Sassv3.3.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (57)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/atanas.info/node_modules/node-sass/src/libsass/src/output.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/cencode.h
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/node.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/base.h
/atanas.info/node_modules/node-sass/src/libsass/src/position.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/core.h
/atanas.info/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/functions.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cencode.c
/atanas.info/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/c99func.c
/atanas.info/node_modules/node-sass/src/libsass/src/position.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/values.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/paths.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/context.h
/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.hpp
/atanas.info/node_modules/node-sass/src/libsass/test/test_unification.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/script/test-leaks.pl
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/encode.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/checked.h
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/debug.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-18797 (Medium) detected in node-sass-v4.11.0

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: a78be0eb68276515640188f722aab54a97c1c4ba

Library Source Files (66)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/parser.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/binding.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: 3.6.3

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14040 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2018-14040 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9521 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: ff09f1be4ec55dc4dc3a2097b824aa4caafecdee

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11695 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-6.0.2.tgz, kind-of-5.1.0.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/is-data-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - class-utils-0.3.6.tgz
        
        static-extend-0.1.2.tgz
        
        object-copy-0.1.0.tgz
        
        ❌ kind-of-3.2.2.tgz (Vulnerable Library)

kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - base-0.11.2.tgz
      - cache-base-1.0.1.tgz
        
        has-value-1.0.0.tgz
        
        has-values-1.0.0.tgz
        
        ❌ kind-of-4.0.0.tgz (Vulnerable Library)

kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/kind-of/package.json

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- micromatch-3.1.10.tgz
  - ❌ kind-of-6.0.2.tgz (Vulnerable Library)

kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

browser-sync-2.26.7.tgz (Root Library)
- micromatch-3.1.10.tgz
  - snapdragon-0.8.2.tgz
    - define-property-0.2.5.tgz
      - is-descriptor-0.1.6.tgz
        
        ❌ kind-of-5.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 0f0f4e3dbd7592b25c0ab46b044d83e7770893a3

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

WS-2017-0120 (High) detected in angular-1.4.2.min.js

WS-2017-0120 - High Severity Vulnerability

Vulnerable Library - angular-1.4.2.min.js

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_angular.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_angular.html

Dependency Hierarchy:

❌ angular-1.4.2.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

No proper sanitize of xlink:href attribute interoplation, thus vulnerable to Cross-site Scripting (XSS).

Publish Date: 2017-01-20

URL: WS-2017-0120

CVSS 2 Score Details (7.8)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: angular/angular.js@f33ce17

Release Date: 2015-09-18

Fix Resolution: Replace or update the following files: compileSpec.js, compile.js

Step up your Open Source Security Game with WhiteSource here

WS-2018-0021 (Medium) detected in bootstrap-3.3.5.min.js

WS-2018-0021 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

XSS in data-target in bootstrap (3.3.7 and before)

Publish Date: 2017-06-27

URL: WS-2018-0021

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#20184

Release Date: 2019-06-12

Fix Resolution: 3.4.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14042 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2018-14042 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /atanas.info/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

❌ bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 88a9403d72b353289413e867c44000a247fa0324

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /atanas.info/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 996b1acf552f6f92f7b606a09b9f32176018446e

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10744 (High) detected in multiple libraries

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Libraries - lodash-4.17.10.tgz, lodash-3.10.1.tgz, lodash-2.4.2.tgz, lodash-4.17.11.tgz

lodash-4.17.10.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/asset-resolver/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- postcss-image-inliner-2.0.0.tgz
  - asset-resolver-1.0.3.tgz
    - ❌ lodash-4.17.10.tgz (Vulnerable Library)

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- oust-0.4.0.tgz
  - cheerio-0.19.0.tgz
    - ❌ lodash-3.10.1.tgz (Vulnerable Library)

lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- inline-critical-4.0.7.tgz
  - cave-2.0.0.tgz
    - ❌ lodash-2.4.2.tgz (Vulnerable Library)

lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/lodash/package.json

Dependency Hierarchy:

@babel/core-7.5.0.tgz (Root Library)
- ❌ lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 (Medium) detected in CSS::Sass-v3.3.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - CSS::Sassv3.3.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (57)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/atanas.info/node_modules/node-sass/src/libsass/src/output.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/cencode.h
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/node.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/base.h
/atanas.info/node_modules/node-sass/src/libsass/src/position.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/core.h
/atanas.info/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/functions.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cencode.c
/atanas.info/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/c99func.c
/atanas.info/node_modules/node-sass/src/libsass/src/position.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/values.h
/atanas.info/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/paths.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass/context.h
/atanas.info/node_modules/node-sass/src/libsass/src/color_maps.hpp
/atanas.info/node_modules/node-sass/src/libsass/test/test_unification.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_util.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/source_map.hpp
/atanas.info/node_modules/node-sass/src/libsass/script/test-leaks.pl
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/json.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/units.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/b64/encode.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/environment.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/utf8/checked.h
/atanas.info/node_modules/node-sass/src/libsass/src/plugins.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/debug.hpp
/atanas.info/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

Fix mobile portfolio

Portfolio items' title should be on a separate line.

CVE-2018-20190 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Library Source Files (68)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/node-sass/src/libsass/src/expand.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/expand.cpp
/atanas.info/node_modules/node-sass/src/sass_types/factory.cpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.hpp
/atanas.info/node_modules/node-sass/src/sass_types/value.h
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/lexer.cpp
/atanas.info/node_modules/node-sass/src/callback_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/file.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/operation.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/operators.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/parser.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/constants.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/util.cpp
/atanas.info/node_modules/node-sass/src/custom_function_bridge.cpp
/atanas.info/node_modules/node-sass/src/custom_importer_bridge.h
/atanas.info/node_modules/node-sass/src/libsass/src/bind.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/eval.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/backtrace.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/extend.cpp
/atanas.info/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/error_handling.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.h
/atanas.info/node_modules/node-sass/src/libsass/src/node.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/debugger.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/emitter.cpp
/atanas.info/node_modules/node-sass/src/sass_types/number.cpp
/atanas.info/node_modules/node-sass/src/sass_types/color.h
/atanas.info/node_modules/node-sass/src/libsass/src/ast.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_values.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/output.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/atanas.info/node_modules/node-sass/src/sass_types/null.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/cssize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/functions.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/atanas.info/node_modules/node-sass/src/sass_types/color.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/inspect.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/values.cpp
/atanas.info/node_modules/node-sass/src/sass_context_wrapper.cpp
/atanas.info/node_modules/node-sass/src/sass_types/list.h
/atanas.info/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_c.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/to_value.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/map.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/listize.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/sass_context.cpp
/atanas.info/node_modules/node-sass/src/sass_types/string.cpp
/atanas.info/node_modules/node-sass/src/libsass/src/context.hpp
/atanas.info/node_modules/node-sass/src/libsass/src/prelexer.hpp
/atanas.info/node_modules/node-sass/src/sass_types/boolean.h
/atanas.info/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0063 (High) detected in js-yaml-3.13.1.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.13.1.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/js-yaml/package.json

Dependency Hierarchy:

cssnano-4.1.10.tgz (Root Library)
- cosmiconfig-5.2.1.tgz
  - ❌ js-yaml-3.13.1.tgz (Vulnerable Library)

Found in HEAD commit: 04614a5307a7b102922ef719bb9d44a3e022f115

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-16487 (High) detected in multiple libraries

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Libraries - lodash-4.17.10.tgz, lodash-3.10.1.tgz, lodash-2.4.2.tgz

lodash-4.17.10.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/asset-resolver/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- postcss-image-inliner-2.0.0.tgz
  - asset-resolver-1.0.3.tgz
    - ❌ lodash-4.17.10.tgz (Vulnerable Library)

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- oust-0.4.0.tgz
  - cheerio-0.19.0.tgz
    - ❌ lodash-3.10.1.tgz (Vulnerable Library)

lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

critical-1.3.4.tgz (Root Library)
- inline-critical-4.0.7.tgz
  - cave-2.0.0.tgz
    - ❌ lodash-2.4.2.tgz (Vulnerable Library)

Found in HEAD commit: cb01a417846f21513486d93e8b4a18af9ade25ef

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

CVE-2013-0340 (Medium) detected in src-73.0.3635.0

CVE-2013-0340 - Medium Severity Vulnerability

Vulnerable Library - src73.0.3635.0

Library home page: https://chromium.googlesource.com/chromium/src

Found in HEAD commit: e2735fbe148822f0307f80a8cefc5e1869f97672

Library Source Files (50)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xpathInternals.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/catalog.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/SAX.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/encoding.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlwriter.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/pattern.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/schematron.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/c14n.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xinclude.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/dict.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlmemory.h
/atanas.info/node_modules/sharp/vendor/include/webp/encode.h
/atanas.info/node_modules/sharp/vendor/include/webp/mux.h
/atanas.info/node_modules/sharp/vendor/include/expat.h
/atanas.info/node_modules/sharp/vendor/include/webp/demux.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/parserInternals.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlschemas.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlregexp.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/parser.h
/atanas.info/node_modules/sharp/vendor/include/webp/mux_types.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/schemasInternals.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/relaxng.h
/atanas.info/node_modules/sharp/vendor/include/webp/types.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlmodule.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/nanohttp.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlsave.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlunicode.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlschemastypes.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/DOCBparser.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/hash.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlstring.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/SAX2.h
/atanas.info/node_modules/sharp/vendor/include/libpng16/pngconf.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/uri.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlIO.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/valid.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/debugXML.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xpointer.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/chvalid.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/threads.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/HTMLparser.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlreader.h
/atanas.info/node_modules/sharp/vendor/include/libpng16/png.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/HTMLtree.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlautomata.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/nanoftp.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xlink.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xmlerror.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/xpath.h
/atanas.info/node_modules/sharp/vendor/include/libxml2/libxml/list.h

Vulnerability Details

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Publish Date: 2014-01-21

URL: CVE-2013-0340

CVSS 2 Score Details (6.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201701-21

Release Date: 2017-01-11

Fix Resolution: All Expat users should upgrade to the latest version >= expat-2.2.0-r1

Step up your Open Source Security Game with WhiteSource here

WS-2020-0042 (Medium) detected in acorn-6.4.0.tgz, acorn-2.7.0.tgz

WS-2020-0042 - Medium Severity Vulnerability

Vulnerable Libraries - acorn-6.4.0.tgz, acorn-2.7.0.tgz

acorn-6.4.0.tgz

ECMAScript parser

Library home page: https://registry.npmjs.org/acorn/-/acorn-6.4.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/webpack/node_modules/acorn/package.json

Dependency Hierarchy:

webpack-4.42.0.tgz (Root Library)
- ❌ acorn-6.4.0.tgz (Vulnerable Library)

acorn-2.7.0.tgz

ECMAScript parser

Library home page: https://registry.npmjs.org/acorn/-/acorn-2.7.0.tgz

Path to dependency file: /tmp/ws-scm/atanas.info/package.json

Path to vulnerable library: /tmp/ws-scm/atanas.info/node_modules/acorn/package.json

Dependency Hierarchy:

spritesh-1.2.1.tgz (Root Library)
- cheerio-0.20.0.tgz
  - jsdom-7.2.2.tgz
    - ❌ acorn-2.7.0.tgz (Vulnerable Library)

Found in HEAD commit: 0751c63f6c7a81b86bfb4d953ebf6d02deaa94ac

Vulnerability Details

acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.

Publish Date: 2020-03-08

URL: WS-2020-0042

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1488

Release Date: 2020-03-08

Fix Resolution: 7.1.1

Step up your Open Source Security Game with WhiteSource here

WS-2019-0158 (Medium) detected in static-eval-0.2.4.tgz

WS-2019-0158 - Medium Severity Vulnerability

Vulnerable Library - static-eval-0.2.4.tgz

evaluate statically-analyzable expressions

Library home page: https://registry.npmjs.org/static-eval/-/static-eval-0.2.4.tgz

Path to dependency file: /atanas.info/package.json

Path to vulnerable library: /tmp/git/atanas.info/node_modules/static-eval/package.json

Dependency Hierarchy:

webpack-spritesmith-1.0.1.tgz (Root Library)
- spritesmith-3.3.1.tgz
  - pixelsmith-2.2.1.tgz
    - ndarray-fill-1.0.2.tgz
      - cwise-1.0.10.tgz
        
        static-module-1.5.0.tgz
        
        ❌ static-eval-0.2.4.tgz (Vulnerable Library)

Found in HEAD commit: 98d123e59396f49ad675dd331e2f77982b1d84a3

Vulnerability Details

static-eval before 2.0.2 pass untrusted user input directly to the global function constructor. leads to Arbitrary Code Execution

Publish Date: 2019-07-15

URL: WS-2019-0158

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/758

Release Date: 2019-07-15

Fix Resolution: 2.0.2

Step up your Open Source Security Game with WhiteSource here

scriptex / atanas.info Goto Github PK

atanas.info's Introduction

Hi, I'm Atanas 👋

atanas.info's People

Contributors

Stargazers

Watchers

Forkers

atanas.info's Issues

CVE-2020-8116 - Medium Severity Vulnerability

CVE-2018-11694 - High Severity Vulnerability

CVE-2019-6286 - Medium Severity Vulnerability

CVE-2018-19797 - Medium Severity Vulnerability

CVE-2018-19838 - Medium Severity Vulnerability

CVE-2018-20677 - Medium Severity Vulnerability

WS-2019-0367 - Medium Severity Vulnerability

CVE-2018-19827 - High Severity Vulnerability

CVE-2017-16226 - High Severity Vulnerability

CVE-2012-6708 - Medium Severity Vulnerability

CVE-2020-11022 - Medium Severity Vulnerability

CVE-2019-6284 - Medium Severity Vulnerability

CVE-2018-20834 - High Severity Vulnerability

CVE-2019-1010266 - Medium Severity Vulnerability

WS-2016-0090 - Medium Severity Vulnerability

CVE-2018-20822 - Medium Severity Vulnerability

CVE-2020-7598 - High Severity Vulnerability

CVE-2018-19826 - Medium Severity Vulnerability

CVE-2017-1000048 - High Severity Vulnerability

CVE-2018-3721 - Medium Severity Vulnerability

CVE-2018-11698 - High Severity Vulnerability

CVE-2018-11499 - High Severity Vulnerability

CVE-2019-8331 - Medium Severity Vulnerability

CVE-2015-9251 - Medium Severity Vulnerability

CVE-2020-7608 - Medium Severity Vulnerability

CVE-2018-20821 - Medium Severity Vulnerability

CVE-2018-11693 - High Severity Vulnerability

WS-2020-0044 - High Severity Vulnerability

CVE-2018-11697 - High Severity Vulnerability

CVE-2019-18797 - Medium Severity Vulnerability

CVE-2019-6283 - Medium Severity Vulnerability

CVE-2018-14040 - Medium Severity Vulnerability

CVE-2015-9521 - Medium Severity Vulnerability

CVE-2018-11695 - High Severity Vulnerability

CVE-2019-20149 - Medium Severity Vulnerability

WS-2017-0120 - High Severity Vulnerability

WS-2018-0021 - Medium Severity Vulnerability

CVE-2018-14042 - Medium Severity Vulnerability

CVE-2019-11358 - Medium Severity Vulnerability

CVE-2019-10744 - High Severity Vulnerability

CVE-2018-19839 - Medium Severity Vulnerability

CVE-2018-20190 - Medium Severity Vulnerability

WS-2019-0063 - High Severity Vulnerability

CVE-2018-16487 - High Severity Vulnerability

CVE-2013-0340 - Medium Severity Vulnerability

WS-2020-0042 - Medium Severity Vulnerability

WS-2019-0158 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs