scriptex / rollup-mpa Goto Github PK

View Code? Open in Web Editor NEW

3.0 2.0 0.0 5.5 MB

A starter template for web applications using Rollup as a module bundler

Home Page: https://atanas.info/portfolio/open-source/rollup-mpa

License: MIT License

JavaScript 52.20% PHP 44.97% SCSS 2.53% TypeScript 0.29%

rollup-config webapp-boilerplate

rollup-mpa's Introduction

Rollup MPA

A starter template for web applications using Rollup as a module bundler.

About

This repository serves as a starter template for creating multiple page applications using Rollup as a module bundler.

A module bundler is a JavaScript (in this case) module which bundles your JS/CSS modules in one file, optimizes their size, minifies them and does many more things.

This starter template provides:

Latest EcmaScript/JavaScript support
Optional support for TypeScript instead of JavaScript
SASS pre-processor for stylesheets
PostCSS post-processor for stylesheets
PNG sprites
SVG sprites (TODO)
PWA capabilities (TODO)
minification of the generated (CSS and JS) bundles
tree shaking
stylesheet assets managements (copy assets referenced in the imported stylesheets - fonts, images, etc.)

LICENSE

MIT

Connect with me:

Support and sponsor my work:

rollup-mpa's People

Contributors

Stargazers

Watchers

rollup-mpa's Issues

CVE-2020-28168 (Medium) detected in axios-0.19.0.tgz

CVE-2020-28168 - Medium Severity Vulnerability

Vulnerable Library - axios-0.19.0.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.19.0.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/axios/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.3.1.tgz (Root Library)
- browser-sync-2.26.13.tgz
  - localtunnel-2.0.0.tgz
    - ❌ axios-0.19.0.tgz (Vulnerable Library)

Found in HEAD commit: acdb064de9c3bcd2c9cd1152a14968f6e29bfb3c

Vulnerability Details

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Publish Date: 2020-11-06

URL: CVE-2020-28168

CVSS 3 Score Details (5.9)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11022 (Medium) detected in multiple libraries

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.0.min.js, jquery-2.1.4.min.js, jquery-1.9.1.js

jquery-3.4.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/js-base64/test/index.html

Path to vulnerable library: /rollup-mpa/node_modules/js-base64/test/index.html

Dependency Hierarchy:

❌ jquery-3.4.0.min.js (Vulnerable Library)

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /rollup-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/tinycolor2/test/index.html

Path to vulnerable library: /rollup-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js,/rollup-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js

Dependency Hierarchy:

❌ jquery-1.9.1.js (Vulnerable Library)

Found in HEAD commit: 9ea0d2f6acfa8eb52eba4758ecb60d54d02ebc1a

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 (Medium) detected in CSS::Sass-v3.6.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - CSS::Sassv3.6.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (63)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/color_maps.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_util.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/rollup-template/node_modules/node-sass/src/libsass/src/output.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/b64/cencode.h
/rollup-template/node_modules/node-sass/src/libsass/src/source_map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/lexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/utf8.h
/rollup-template/node_modules/node-sass/src/libsass/test/test_node.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/plugins.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/node.hpp
/rollup-template/node_modules/node-sass/src/libsass/include/sass/base.h
/rollup-template/node_modules/node-sass/src/libsass/src/json.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/environment.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/position.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/subset_map.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/rollup-template/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/utf8/core.h
/rollup-template/node_modules/node-sass/src/libsass/include/sass/functions.h
/rollup-template/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/node.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cencode.c
/rollup-template/node_modules/node-sass/src/libsass/src/subset_map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/listize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/c99func.c
/rollup-template/node_modules/node-sass/src/libsass/src/position.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/rollup-template/node_modules/node-sass/src/libsass/include/sass/values.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/paths.hpp
/rollup-template/node_modules/node-sass/src/libsass/include/sass/context.h
/rollup-template/node_modules/node-sass/src/libsass/src/color_maps.hpp
/rollup-template/node_modules/node-sass/src/libsass/test/test_unification.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_util.cpp
/rollup-template/node_modules/node-sass/src/libsass/script/test-leaks.pl
/rollup-template/node_modules/node-sass/src/libsass/src/source_map.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/lexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/json.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/units.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/units.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/b64/encode.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/environment.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/utf8/checked.h
/rollup-template/node_modules/node-sass/src/libsass/src/plugins.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/listize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/debug.hpp
/rollup-template/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7608 (Medium) detected in multiple libraries

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-16.1.0.tgz, yargs-parser-10.1.0.tgz, yargs-parser-4.2.1.tgz, yargs-parser-5.0.0.tgz

yargs-parser-16.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-16.1.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/stylelint/node_modules/yargs-parser/package.json

Dependency Hierarchy:

stylelint-13.2.1.tgz (Root Library)
- meow-6.0.1.tgz
  - ❌ yargs-parser-16.1.0.tgz (Vulnerable Library)

yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/asset-resolver/node_modules/yargs-parser/package.json

Dependency Hierarchy:

critical-1.3.9.tgz (Root Library)
- meow-5.0.0.tgz
  - ❌ yargs-parser-10.1.0.tgz (Vulnerable Library)

yargs-parser-4.2.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/localtunnel/node_modules/yargs-parser/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.1.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - yargs-6.4.0.tgz
    - ❌ yargs-parser-4.2.1.tgz (Vulnerable Library)

yargs-parser-5.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/sass-graph/node_modules/yargs-parser/package.json

Dependency Hierarchy:

node-sass-4.13.1.tgz (Root Library)
- sass-graph-2.2.4.tgz
  - yargs-7.1.0.tgz
    - ❌ yargs-parser-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: d66c1373c8740c8ed5bdaaef68d32abdf60d9dcb

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19838 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11023 (Medium) detected in jquery-2.1.4.min.js, jquery-1.9.1.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.9.1.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /rollup-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/tinycolor2/index.html

Path to vulnerable library: /rollup-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js,/rollup-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js

Dependency Hierarchy:

❌ jquery-1.9.1.js (Vulnerable Library)

Found in HEAD commit: 1a7521989b3ada35de3a187c8efbbe5d6e48a0d5

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-18797 (Medium) detected in node-sass-v4.11.0

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: dc29af367d12cb85fac9d13c58bc723a34db804e

Library Source Files (66)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-mpa/node_modules/node-sass/src/sass_types/value.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-mpa/node_modules/node-sass/src/callback_bridge.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/list.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-mpa/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-mpa/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/number.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/color.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/null.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-mpa/node_modules/node-sass/src/sass_types/color.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/list.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/map.cpp
/rollup-mpa/node_modules/node-sass/src/binding.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-mpa/node_modules/node-sass/src/sass_types/string.cpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-mpa/node_modules/node-sass/src/sass_types/boolean.h
/rollup-mpa/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: 3.6.3

Step up your Open Source Security Game with WhiteSource here

CVE-2020-28275 (High) detected in cache-base-1.0.1.tgz

CVE-2020-28275 - High Severity Vulnerability

Vulnerable Library - cache-base-1.0.1.tgz

Basic object cache with `get`, `set`, `del`, and `has` methods for node.js/javascript projects.

Library home page: https://registry.npmjs.org/cache-base/-/cache-base-1.0.1.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/cache-base/package.json

Dependency Hierarchy:

rollup-plugin-sass-1.2.2.tgz (Root Library)
- sass-1.7.2.tgz
  - chokidar-2.1.8.tgz
    - braces-2.3.2.tgz
      - snapdragon-0.8.2.tgz
        
        base-0.11.2.tgz
        
        ❌ cache-base-1.0.1.tgz (Vulnerable Library)

Found in HEAD commit: d5581a6824f15c5c10bab3c959444ee366e2b10a

Vulnerability Details

Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows attacker to cause a denial of service and may lead to remote code execution.

Publish Date: 2020-11-07

URL: CVE-2020-28275

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20822 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-16769 (Medium) detected in serialize-javascript-1.9.1.tgz

CVE-2019-16769 - Medium Severity Vulnerability

Vulnerable Library - serialize-javascript-1.9.1.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

rollup-plugin-uglify-6.0.3.tgz (Root Library)
- ❌ serialize-javascript-1.9.1.tgz (Vulnerable Library)

Found in HEAD commit: 5b4bb19a40130dc4e9c7071f03eb45fb1f7ef3c0

Vulnerability Details

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.

Publish Date: 2019-12-05

URL: CVE-2019-16769

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769

Release Date: 2019-12-05

Fix Resolution: v2.1.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1109 (High) detected in braces-1.8.5.tgz

CVE-2018-1109 - High Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/rollup-watch/node_modules/braces/package.json

Dependency Hierarchy:

rollup-watch-4.3.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - anymatch-1.3.2.tgz
    - micromatch-2.3.11.tgz
      - ❌ braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: 647a1cbcd994a4f2ce0c00711287a68ad6286f39

Found in base branch: master

Vulnerability Details

Braces before 1.4.2 and 2.17.2 is vulnerable to ReDoS. It used a regular expression (^{(,+(?:({,+})),|,(?:({,+})),+)}) in order to detects empty braces. This can cause an impact of about 10 seconds matching time for data 50K characters long.

Publish Date: 2020-07-21

URL: CVE-2018-1109

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1547272

Release Date: 2020-07-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19826 (Medium) detected in node-sass-v4.11.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (4)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/binding.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.cpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19826

Release Date: 2019-09-01

Fix Resolution: Replace or update the following file: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2020-0044 (High) detected in decompress-4.2.0.tgz

WS-2020-0044 - High Severity Vulnerability

Vulnerable Library - decompress-4.2.0.tgz

Extracting archives made easy

Library home page: https://registry.npmjs.org/decompress/-/decompress-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/decompress/package.json

Dependency Hierarchy:

optisize-1.0.0.tgz (Root Library)
- imagemin-gifsicle-6.0.1.tgz
  - gifsicle-4.0.1.tgz
    - bin-build-3.0.0.tgz
      - ❌ decompress-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: e5e893ff6a37be725e089d46c286e7b3c8da12f0

Vulnerability Details

decompress in all its versions is vulnerable to arbitrary file write. the package fails to prevent an extraction of files with relative paths which allows attackers to write to any folder in the system.

Publish Date: 2020-03-08

URL: WS-2020-0044

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7660 (Medium) detected in serialize-javascript-2.1.2.tgz

CVE-2020-7660 - Medium Severity Vulnerability

Vulnerable Library - serialize-javascript-2.1.2.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

rollup-plugin-uglify-6.0.4.tgz (Root Library)
- ❌ serialize-javascript-2.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 91b2386c94e95ddd2fbf5bfea26c32d019c8c300

Vulnerability Details

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Publish Date: 2020-06-01

URL: CVE-2020-7660

CVSS 3 Score Details (5.0)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660

Release Date: 2020-06-01

Fix Resolution: serialize-javascript - 3.1.0

Step up your Open Source Security Game with WhiteSource here

WS-2020-0068 (Medium) detected in multiple libraries

WS-2020-0068 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-10.1.0.tgz, yargs-parser-4.2.1.tgz, yargs-parser-5.0.0.tgz

yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/asset-resolver/node_modules/yargs-parser/package.json

Dependency Hierarchy:

critical-1.3.9.tgz (Root Library)
- meow-5.0.0.tgz
  - ❌ yargs-parser-10.1.0.tgz (Vulnerable Library)

yargs-parser-4.2.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/localtunnel/node_modules/yargs-parser/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.1.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - yargs-6.4.0.tgz
    - ❌ yargs-parser-4.2.1.tgz (Vulnerable Library)

yargs-parser-5.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/sass-graph/node_modules/yargs-parser/package.json

Dependency Hierarchy:

node-sass-4.14.0.tgz (Root Library)
- sass-graph-2.2.6.tgz
  - yargs-7.1.0.tgz
    - ❌ yargs-parser-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: b83c58ee189a965195691b0cc360338bc8144564

Vulnerability Details

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.proto.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.

Publish Date: 2020-05-01

URL: WS-2020-0068

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/yargs-parser

Release Date: 2020-05-04

Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2017-1000048 (High) detected in qs-6.2.3.tgz

CVE-2017-1000048 - High Severity Vulnerability

Vulnerable Library - qs-6.2.3.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz

Path to dependency file: /tmp/ws-scm/rollup-template/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-template/node_modules/browser-sync/node_modules/qs/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.0.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - ❌ qs-6.2.3.tgz (Vulnerable Library)

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Vulnerability Details

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

Publish Date: 2017-07-17

URL: CVE-2017-1000048

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: ljharb/qs@c709f6e

Release Date: 2017-03-06

Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-template/node_modules/js-base64/test/index.html

Path to vulnerable library: /rollup-template/node_modules/js-base64/test/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: aa4abebcbe02c9f170145fdef2b6e0306b885a73

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 (High) detected in opennms-opennms-source-23.0.0-1, CSS::Sass-v3.6.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: sass/libsass#2784

Release Date: 2019-08-29

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

Migrate from TSLint to ESLint

https://github.com/typescript-eslint/tslint-to-eslint-config

CVE-2018-11698 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821

Release Date: 2019-04-23

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694

Release Date: 2018-06-04

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7598 (High) detected in multiple libraries

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.1.3.tgz, minimist-0.0.10.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/@jimp/core/node_modules/minimist/package.json

Dependency Hierarchy:

rollup-watch-4.3.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.2.11.tgz
    - node-pre-gyp-0.14.0.tgz
      - mkdirp-0.5.1.tgz
        
        ❌ minimist-0.0.8.tgz (Vulnerable Library)

minimist-1.1.3.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.1.3.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/gonzales-pe/node_modules/minimist/package.json

Dependency Hierarchy:

stylelint-13.2.1.tgz (Root Library)
- postcss-sass-0.4.2.tgz
  - gonzales-pe-4.2.4.tgz
    - ❌ minimist-1.1.3.tgz (Vulnerable Library)

minimist-0.0.10.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/optimist/node_modules/minimist/package.json

Dependency Hierarchy:

rollup-plugin-sprite-0.1.2.tgz (Root Library)
- spritesheet-templates-10.5.0.tgz
  - handlebars-4.7.3.tgz
    - optimist-0.6.1.tgz
      - ❌ minimist-0.0.10.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Dependency Hierarchy:

rollup-watch-4.3.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - fsevents-1.2.11.tgz
    - node-pre-gyp-0.14.0.tgz
      - rc-1.2.8.tgz
        
        ❌ minimist-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 96d651fd11f7559661f94c1457e9ca386b77c0f0

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /tmp/ws-scm/rollup-template/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-template/node_modules/tar/package.json

Dependency Hierarchy:

node-sass-4.12.0.tgz (Root Library)
- node-gyp-3.8.0.tgz
  - ❌ tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: v4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2020-8175 (Medium) detected in jpeg-js-0.0.4.tgz, jpeg-js-0.3.7.tgz

CVE-2020-8175 - Medium Severity Vulnerability

Vulnerable Libraries - jpeg-js-0.0.4.tgz, jpeg-js-0.3.7.tgz

jpeg-js-0.0.4.tgz

A pure javascript JPEG encoder and decoder

Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.0.4.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/save-pixels/node_modules/jpeg-js/package.json

Dependency Hierarchy:

rollup-plugin-sprite-0.1.2.tgz (Root Library)
- spritesmith-3.4.0.tgz
  - pixelsmith-2.4.1.tgz
    - save-pixels-2.3.4.tgz
      - ❌ jpeg-js-0.0.4.tgz (Vulnerable Library)

jpeg-js-0.3.7.tgz

A pure javascript JPEG encoder and decoder

Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.3.7.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/jpeg-js/package.json

Dependency Hierarchy:

rollup-plugin-sprite-0.1.2.tgz (Root Library)
- spritesmith-3.4.0.tgz
  - pixelsmith-2.4.1.tgz
    - get-pixels-3.3.2.tgz
      - ❌ jpeg-js-0.3.7.tgz (Vulnerable Library)

Found in HEAD commit: 1a7521989b3ada35de3a187c8efbbe5d6e48a0d5

Vulnerability Details

Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image.

Publish Date: 2020-07-24

URL: CVE-2020-8175

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8175

Release Date: 2020-07-21

Fix Resolution: 0.4.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190

Release Date: 2018-12-17

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2020-0091 (High) detected in http-proxy-1.15.2.tgz

WS-2020-0091 - High Severity Vulnerability

Vulnerable Library - http-proxy-1.15.2.tgz

HTTP proxying for the masses

Library home page: https://registry.npmjs.org/http-proxy/-/http-proxy-1.15.2.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/http-proxy/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.1.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - ❌ http-proxy-1.15.2.tgz (Vulnerable Library)

Found in HEAD commit: 19796958a49a120d8687ba9f38658c933824a0e1

Vulnerability Details

Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.

Publish Date: 2020-05-14

URL: WS-2020-0091

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1486

Release Date: 2020-05-26

Fix Resolution: http-proxy - 1.18.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-template/node_modules/js-base64/test/index.html

Path to vulnerable library: /rollup-template/node_modules/js-base64/test/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: aa4abebcbe02c9f170145fdef2b6e0306b885a73

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js

Step up your Open Source Security Game with WhiteSource here

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz

CVE-2020-8116 - Medium Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/dot-prop/package.json

Dependency Hierarchy:

stylelint-13.1.0.tgz (Root Library)
- postcss-selector-parser-3.1.1.tgz
  - ❌ dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 2efbc5a4651c4d08607008d5fd1c727ed416b470

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9521 (Medium) detected in jquery-2.1.4.min.js, jquery-1.9.1.js

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.9.1.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/js-base64/test/index.html

Path to vulnerable library: /rollup-mpa/node_modules/js-base64/test/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/rollup-mpa/node_modules/tinycolor2/test/index.html

Path to vulnerable library: /rollup-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js,/rollup-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js

Dependency Hierarchy:

❌ jquery-1.9.1.js (Vulnerable Library)

Found in HEAD commit: 6ab3b792b3b5517ab2b176d84003983384423a43

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in opennms-opennms-source-23.0.0-1, CSS::Sass-v3.6.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0019 (Medium) detected in braces-1.8.5.tgz

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /tmp/ws-scm/rollup-template/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-template/node_modules/rollup-watch/node_modules/braces/package.json

Dependency Hierarchy:

rollup-watch-4.3.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - anymatch-1.3.2.tgz
    - micromatch-2.3.11.tgz
      - ❌ braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7774 (High) detected in y18n-4.0.0.tgz

CVE-2020-7774 - High Severity Vulnerability

Vulnerable Library - y18n-4.0.0.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/create-pwa/node_modules/y18n/package.json

Dependency Hierarchy:

create-pwa-2.3.0.tgz (Root Library)
- yargs-15.3.1.tgz
  - ❌ y18n-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 1871b45288c82b8f518a243ce89d78fd5976eb2e

Found in base branch: master

Vulnerability Details

This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('proto'); y18n.updateLocale({polluted: true}); console.log(polluted); // true

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (7.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774

Release Date: 2020-11-17

Fix Resolution: 5.0.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-6.0.2.tgz, kind-of-5.1.0.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/expand-range/node_modules/kind-of/package.json

Dependency Hierarchy:

rollup-watch-4.3.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - anymatch-1.3.2.tgz
    - micromatch-2.3.11.tgz
      - braces-1.8.5.tgz
        
        expand-range-1.8.2.tgz
        
        fill-range-2.2.4.tgz
        
        is-number-2.1.0.tgz
        
        ❌ kind-of-3.2.2.tgz (Vulnerable Library)

kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.1.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - micromatch-3.1.10.tgz
    - snapdragon-0.8.2.tgz
      - base-0.11.2.tgz
        
        cache-base-1.0.1.tgz
        
        has-value-1.0.0.tgz
        
        has-values-1.0.0.tgz
        
        ❌ kind-of-4.0.0.tgz (Vulnerable Library)

kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/kind-of/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.1.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - micromatch-3.1.10.tgz
    - ❌ kind-of-6.0.2.tgz (Vulnerable Library)

kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.1.0.tgz (Root Library)
- browser-sync-2.26.7.tgz
  - micromatch-3.1.10.tgz
    - snapdragon-0.8.2.tgz
      - define-property-0.2.5.tgz
        
        is-descriptor-0.1.6.tgz
        
        ❌ kind-of-5.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 2feed2f167cd6d8cd04e67b2cf150ba25b06d254

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11695 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695

Release Date: 2018-06-04

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11693 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 21f4d8bd6e162974567acc06a90cd5e2714f18e4

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-template/node_modules/node-sass/src/libsass/src/expand.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/expand.cpp
/rollup-template/node_modules/node-sass/src/sass_types/factory.cpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.hpp
/rollup-template/node_modules/node-sass/src/sass_types/value.h
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.hpp
/rollup-template/node_modules/node-sass/src/callback_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/file.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/operation.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/operators.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.hpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/parser.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/constants.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/util.cpp
/rollup-template/node_modules/node-sass/src/custom_function_bridge.cpp
/rollup-template/node_modules/node-sass/src/custom_importer_bridge.h
/rollup-template/node_modules/node-sass/src/libsass/src/bind.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/eval.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/backtrace.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/extend.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.h
/rollup-template/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/rollup-template/node_modules/node-sass/src/libsass/src/error_handling.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/debugger.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/emitter.cpp
/rollup-template/node_modules/node-sass/src/sass_types/number.cpp
/rollup-template/node_modules/node-sass/src/sass_types/color.h
/rollup-template/node_modules/node-sass/src/libsass/src/sass_values.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/output.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/rollup-template/node_modules/node-sass/src/sass_types/null.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/functions.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/cssize.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_c.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/inspect.hpp
/rollup-template/node_modules/node-sass/src/sass_types/color.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/values.cpp
/rollup-template/node_modules/node-sass/src/sass_context_wrapper.cpp
/rollup-template/node_modules/node-sass/src/sass_types/list.h
/rollup-template/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/rollup-template/node_modules/node-sass/src/sass_types/map.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/to_value.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.cpp
/rollup-template/node_modules/node-sass/src/sass_types/string.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/sass_context.cpp
/rollup-template/node_modules/node-sass/src/libsass/src/prelexer.hpp
/rollup-template/node_modules/node-sass/src/libsass/src/context.hpp
/rollup-template/node_modules/node-sass/src/sass_types/boolean.h
/rollup-template/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11693

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2020-8244 (High) detected in bl-1.2.2.tgz

CVE-2020-8244 - High Severity Vulnerability

Vulnerable Library - bl-1.2.2.tgz

Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!

Library home page: https://registry.npmjs.org/bl/-/bl-1.2.2.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/bl/package.json

Dependency Hierarchy:

optisize-1.1.0.tgz (Root Library)
- imagemin-gifsicle-7.0.0.tgz
  - gifsicle-5.1.0.tgz
    - bin-build-3.0.0.tgz
      - decompress-4.2.1.tgz
        
        decompress-tar-4.1.1.tgz
        
        tar-stream-1.6.2.tgz
        
        ❌ bl-1.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 241654497f4de4385c1e3fc8ddf32e0201e1896d

Vulnerability Details

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

Publish Date: 2020-07-21

URL: CVE-2020-8244

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244

Release Date: 2020-07-21

Fix Resolution: 2.2.1,3.0.1,4.0.3

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7733 (High) detected in ua-parser-js-0.7.21.tgz

CVE-2020-7733 - High Severity Vulnerability

Vulnerable Library - ua-parser-js-0.7.21.tgz

Lightweight JavaScript-based user-agent string parser

Library home page: https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.21.tgz

Path to dependency file: rollup-mpa/node_modules/ua-parser-js/package.json

Path to vulnerable library: rollup-mpa/node_modules/ua-parser-js/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.3.1.tgz (Root Library)
- browser-sync-2.26.12.tgz
  - ❌ ua-parser-js-0.7.21.tgz (Vulnerable Library)

Found in HEAD commit: 47d5e5050d0d9edbccbe99974ae2113b9ce289af

Vulnerability Details

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.

Publish Date: 2020-09-16

URL: CVE-2020-7733

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7733

Release Date: 2020-07-21

Fix Resolution: 0.7.22

Step up your Open Source Security Game with WhiteSource here

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/lodash/package.json

Dependency Hierarchy:

core-7.9.6.tgz (Root Library)
- ❌ lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: c13b4dd244607a654a67a6ba362459ab787697ee

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2020-36048 (Medium) detected in engine.io-3.2.1.tgz

CVE-2020-36048 - Medium Severity Vulnerability

Vulnerable Library - engine.io-3.2.1.tgz

The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server

Library home page: https://registry.npmjs.org/engine.io/-/engine.io-3.2.1.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/engine.io/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.3.1.tgz (Root Library)
- browser-sync-2.26.13.tgz
  - socket.io-2.1.1.tgz
    - ❌ engine.io-3.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 898e8418a8a450b000b11efa00ec87aa949dbdc0

Vulnerability Details

Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.

Publish Date: 2021-01-08

URL: CVE-2020-36048

CVSS 3 Score Details (5.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048

Release Date: 2021-01-08

Fix Resolution: engine.io - 4.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-36049 (Medium) detected in socket.io-parser-3.2.0.tgz, socket.io-parser-3.3.1.tgz

CVE-2020-36049 - Medium Severity Vulnerability

Vulnerable Libraries - socket.io-parser-3.2.0.tgz, socket.io-parser-3.3.1.tgz

socket.io-parser-3.2.0.tgz

socket.io protocol parser

Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/socket.io/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.3.1.tgz (Root Library)
- browser-sync-2.26.13.tgz
  - socket.io-2.1.1.tgz
    - ❌ socket.io-parser-3.2.0.tgz (Vulnerable Library)

socket.io-parser-3.3.1.tgz

socket.io protocol parser

Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.3.1.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/socket.io-parser/package.json

Dependency Hierarchy:

rollup-plugin-browsersync-1.3.1.tgz (Root Library)
- browser-sync-2.26.13.tgz
  - browser-sync-ui-2.26.13.tgz
    - socket.io-client-2.4.0.tgz
      - ❌ socket.io-parser-3.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 898e8418a8a450b000b11efa00ec87aa949dbdc0

Vulnerability Details

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Publish Date: 2021-01-08

URL: CVE-2020-36049

CVSS 3 Score Details (5.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049

Release Date: 2021-01-08

Fix Resolution: socket.io-parser - 3.4.1

Step up your Open Source Security Game with WhiteSource here

CVE-2020-8203 (High) detected in lodash-4.17.19.tgz

CVE-2020-8203 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.19.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz

Path to dependency file: /tmp/ws-scm/rollup-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/rollup-mpa/node_modules/lodash/package.json

Dependency Hierarchy:

core-7.10.5.tgz (Root Library)
- ❌ lodash-4.17.19.tgz (Vulnerable Library)

Found in HEAD commit: 2101715213c75bb0eb8c78bb7252f495435c65c5

Vulnerability Details

Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.

Publish Date: 2020-07-15

URL: CVE-2020-8203

CVSS 3 Score Details (7.6)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 (High) detected in node-sass-v4.11.0, CSS::Sass-v3.6.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7753 (High) detected in trim-0.0.1.tgz

CVE-2020-7753 - High Severity Vulnerability

Vulnerable Library - trim-0.0.1.tgz

Trim string whitespace

Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz

Path to dependency file: rollup-mpa/package.json

Path to vulnerable library: rollup-mpa/node_modules/trim/package.json

Dependency Hierarchy:

stylelint-13.7.2.tgz (Root Library)
- postcss-markdown-0.36.1.tgz
  - remark-12.0.1.tgz
    - remark-parse-8.0.3.tgz
      - ❌ trim-0.0.1.tgz (Vulnerable Library)

Found in HEAD commit: a67636263cb28228babaa25b84188a5f838c4d2f

Vulnerability Details

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

Publish Date: 2020-10-27

URL: CVE-2020-7753

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2016-0090 (Medium) detected in jquery-2.1.4.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/rollup-template/node_modules/js-base64/test/index.html

Path to vulnerable library: /rollup-template/node_modules/js-base64/test/index.html

Dependency Hierarchy:

❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: aa4abebcbe02c9f170145fdef2b6e0306b885a73

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2013-0340 (Medium) detected in src-73.0.3635.0

CVE-2013-0340 - Medium Severity Vulnerability

Vulnerable Library - src73.0.3635.0

Library home page: https://chromium.googlesource.com/chromium/src

Found in HEAD commit: 4700f63f2bcadc0407501c3ab9dade76db010dd7

Library Source Files (51)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/expat_external.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xpathInternals.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/catalog.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/SAX.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/encoding.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlwriter.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/pattern.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/schematron.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/c14n.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xinclude.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/dict.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlmemory.h
/rollup-mpa/node_modules/sharp/vendor/include/webp/encode.h
/rollup-mpa/node_modules/sharp/vendor/include/webp/mux.h
/rollup-mpa/node_modules/sharp/vendor/include/expat.h
/rollup-mpa/node_modules/sharp/vendor/include/webp/demux.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/parserInternals.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlschemas.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlregexp.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/parser.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/webp/mux_types.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/schemasInternals.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/relaxng.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/webp/types.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlmodule.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/nanohttp.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlsave.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlunicode.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlschemastypes.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/DOCBparser.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/hash.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlstring.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/SAX2.h
/rollup-mpa/node_modules/sharp/vendor/include/libpng16/pngconf.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/uri.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlIO.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/valid.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/debugXML.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xpointer.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/chvalid.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/threads.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/HTMLparser.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlreader.h
/rollup-mpa/node_modules/sharp/vendor/include/libpng16/png.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/HTMLtree.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlautomata.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/nanoftp.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xlink.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlerror.h
/rollup-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xpath.h
/rollup-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/list.h

Vulnerability Details

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Publish Date: 2014-01-21

URL: CVE-2013-0340

CVSS 2 Score Details (6.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201701-21

Release Date: 2017-01-11

Fix Resolution: All Expat users should upgrade to the latest version >= expat-2.2.0-r1

Step up your Open Source Security Game with WhiteSource here

scriptex / rollup-mpa Goto Github PK

rollup-mpa's Introduction

Rollup MPA

About

LICENSE

rollup-mpa's People

Contributors

Stargazers

Watchers

rollup-mpa's Issues

CVE-2020-28168 - Medium Severity Vulnerability

CVE-2020-11022 - Medium Severity Vulnerability

CVE-2018-19839 - Medium Severity Vulnerability

CVE-2019-6283 - Medium Severity Vulnerability

CVE-2020-7608 - Medium Severity Vulnerability

CVE-2018-19838 - Medium Severity Vulnerability

CVE-2020-11023 - Medium Severity Vulnerability

CVE-2019-18797 - Medium Severity Vulnerability

CVE-2020-28275 - High Severity Vulnerability

CVE-2018-20822 - Medium Severity Vulnerability

CVE-2019-16769 - Medium Severity Vulnerability

CVE-2018-1109 - High Severity Vulnerability

CVE-2019-6284 - Medium Severity Vulnerability

CVE-2018-19826 - Medium Severity Vulnerability

WS-2020-0044 - High Severity Vulnerability

CVE-2020-7660 - Medium Severity Vulnerability

WS-2020-0068 - Medium Severity Vulnerability

CVE-2017-1000048 - High Severity Vulnerability

CVE-2015-9251 - Medium Severity Vulnerability

CVE-2018-19827 - High Severity Vulnerability

CVE-2018-11698 - High Severity Vulnerability

CVE-2018-20821 - Medium Severity Vulnerability

CVE-2018-11694 - High Severity Vulnerability

CVE-2020-7598 - High Severity Vulnerability

CVE-2018-20834 - High Severity Vulnerability

CVE-2020-8175 - Medium Severity Vulnerability

CVE-2018-20190 - Medium Severity Vulnerability

CVE-2018-11499 - High Severity Vulnerability

WS-2020-0091 - High Severity Vulnerability

CVE-2019-11358 - Medium Severity Vulnerability

CVE-2020-8116 - Medium Severity Vulnerability

CVE-2015-9521 - Medium Severity Vulnerability

CVE-2018-19797 - Medium Severity Vulnerability

WS-2019-0019 - Medium Severity Vulnerability

CVE-2019-6286 - Medium Severity Vulnerability

CVE-2020-7774 - High Severity Vulnerability

CVE-2019-20149 - Medium Severity Vulnerability

CVE-2018-11695 - High Severity Vulnerability

CVE-2018-11693 - High Severity Vulnerability

CVE-2020-8244 - High Severity Vulnerability

CVE-2020-7733 - High Severity Vulnerability

WS-2020-0070 - High Severity Vulnerability

CVE-2020-36048 - Medium Severity Vulnerability

CVE-2020-36049 - Medium Severity Vulnerability

CVE-2020-8203 - High Severity Vulnerability

CVE-2018-11697 - High Severity Vulnerability

CVE-2020-7753 - High Severity Vulnerability

WS-2016-0090 - Medium Severity Vulnerability

CVE-2013-0340 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs