GithubHelp home page GithubHelp logo

scriptex / webpack-mpa Goto Github PK

View Code? Open in Web Editor NEW
46.0 5.0 3.0 11.11 MB

Multiple page application setup with Webpack using SASS, PostCSS, ES6+, etc

Home Page: https://atanas.info/portfolio/open-source/webpack-mpa

License: MIT License

JavaScript 70.55% PHP 27.57% SCSS 1.88%
front-end-starter-kit front-end-developer-tool multi-page-application webpack-boilerplate webpack-configuration sass-boilerplate

webpack-mpa's Introduction

Webpack MPA Logo

Zero config and fast installation: Run `npx webpack-mpa && npm i && npm start` in your terminal.

Travis CI Github Build Codacy Badge Codebeat Badge CodeFactor Badge DeepScan grade Analytics

Webpack-MPA

Opinionated multiple page application setup with Webpack using SASS, PostCSS, ES2017, PNG & SVG Sprites and more.

This boilerplate is suitable for static web applications, WordPress websites, etc.

Visitor stats

GitHub stars GitHub forks GitHub watchers GitHub followers

Code stats

GitHub code size in bytes GitHub repo size GitHub language count GitHub top language GitHub last commit

Dependencies

In order to use this setup you need to have installed the following dependencies:

  1. Node - min v8.9.4 - LTS recommended
  2. NPM - min v5.6.0 or
  3. Yarn - min v1.3.2
  4. Bash terminal (Default on OSX/Linux, GitBash or similar on Windows)

Default setup

The default setup uses PHP files, but you can easily switch to a file format of your choice.

Also, you can always switch to another file/folder structure if the current one does not suit you.

Just keep in mind that the styles should be located in assets/styles and the scripts should be located in assets/scripts.

Zero config and fast installation

Navigate to your new project's folder and execute the following command:

npx webpack-mpa && npm i && npm start

This will install Webpack-MPA in your project folder and you will be able to start right away.

Download

You can download this setup directly and extract it.

or use NPM or Yarn to install it:

npm i webpack-mpa

or

yarn add webpack-mpa

Then navigate to the webpack-mpa folder and proceed with the rest of the instructions.

Global installation

It is possible to use the CLI tool included in Webpack MPA. In order to do this you must install Webpack MPA globally:

npm i webpack-mpa -g

or

yarn global add webpack-mpa

The wmpa binary is now available for you to use.

Go to your new project folder and execute

wmpa

Your new project is setup!

Install dependencies

yarn

or

npm i

Develop

yarn start

or

npm start

Build

yarn build

or

npm run build

Details

  1. SCSS stylesheets preprocessing

    • SCSS entry point is main.scss file located in assets/styles
    • The whole stylesheets file/folder structure is up to you
    • ITSCSS boilerplate used as a starting point.
    • Glob import in SCSS thanks to node-sass-magic-importer

  2. PostCSS stylesheets postprocessing including:

    "Write your CSS rules without vendor prefixes (in fact, forget about them entirely)"

  3. PNG Sprite generating using Webpack SpriteSmith The default setup includes retina sprite support which means that you should provide a retina version of each png icon.

    If you do not wish to use the retina sprite, comment the @include retina-sprites($retina-groups); statement in main.scss file.

    In order to use the PNG sprite, you need to do so by adding the relevant icons in your markup:

    <i class="ico-home"></i>

    The class name corresponds to the name of the PNG file.

  4. Latest EcmaScript support

    • Usage of the latest features in EcmaScript
    • Using Babel to transpile to ES5
    • Minification of the bundled file
    • Source maps

  5. Automatic browser reload using BrowserSync

    • The setup assumes that you have a web server (MAMP, XAMPP, etc) installed.
    • If you wish to use a proxy in browsersync you can do it using the url CLI argument like this:
    yarn start --env url=http://your.app

    or

    npm start --env url=http://your.app

    If you do not have a web server installed, then the files can be served via the browser-sync built-in server. In order to use this you need to pass a new CLI argument server like this.

    yarn start --env server

    or

    npm start --env server

  1. SVG Sprite generating using spritesh

    All svg files located in assets/images/svg are merged into a single sprite.svg file in dist directory.

    This action is performed each time the start command is invoked.

    In order to use the SVG sprite you first need to include it in your markup. You can do so in several ways:

    • If you're using PHP files, include it in each of your PHP files: <?php include_once('assets/dist/sprite.svg'); ?>
    • If you're using HTML files, paste the content of the SVG sprite in each of your HTML files.
    • If you're using another templating method (posthtml include, handlebars, ejs, etc) you need to do so according to its documentation.

    It is preferred to include the SVG sprite right after your opening <body> tag

    In order to add an SVG icon in your markup, you can do so by using the SVG <use> tag:

    <svg class="svg-home">
	<use xlink:href="#svg-home"></use>
</svg>

  2. All front-end assets are stored in an auto-generated dist folder.

Assets

The assets folder contains several folders:

  • images - contains several folders too:
    • favicon - contains all icons variations
    • sprite - contains png sprite's parts
    • svg - contains svg sprite's parts
    • temp - contains content images
  • scripts - contains the JS modules
  • styles - contains the SASS stylesheets

Each start command regenerates the contents of the dist folder.

Supported Browsers

This setup uses Browserslist to target browsers.

The default list of supported browsers is listed in the package.json file:

{
	"browserslist": ["> 1%", "last 2 versions"]
}

This means that supported browsers vary based on current usage data and current browser versions.

In general, this setup supports the two most recent versions of all browsers.

Scripts

There are several scripts defined in the package.json file:

{
	"build": "webpack --mode=production",
	"start": "webpack --watch --mode=development",
	"html": "php index.php > index.html",
	"critical": "critical index.html > assets/dist/critical.css",
	"rm-html": "rm index.html",
	"pwa": "create-pwa --icon=\"./assets/images/favicon/icon.png\"",
	"prod": "yarn build && yarn html && yarn critical && yarn rm-html"
}

Here is a bit more about what each script does:

  1. build: Builds the production version of the javascript and css bundles, regenerates PNG and SVG sprites.
  2. start: Starts the development sequence, regenerates PNG and SVG sprites, opens your default browser and watches for changes.
  3. html: Converts your index.php file to index.html.
  4. critical: Using the index.html extracts the critical css and generates a critical.css file in the assets/dist folder which is then inlined in the index.php file.
  5. rm-html: Deletes the index.html file.
  6. pwa: Generates boilerplate files for a PWA. More info here.
  7. prod: Runs 1, 4, 5, 6. (In this exact order).

In order to use the ability to generate critical CSS you must have the php binary exposed in your bash terminal. More about PHP's commandline usage can be found here.

Public vs. private projects

This starter boilerplate is licensed under the MIT open source license and is publicly available.

If you intend to use it to create a private and closed source project, please make sure to delete the license field in the package.json file and add "private": true in the same file.

This will make sure that you don't accidentally use an open source license for your private/closed source project.

LICENSE

MIT

Connect with me:

                     
Support and sponsor my work:

webpack-mpa's People

Contributors

dependabot[bot] avatar greenkeeper[bot] avatar imgbotapp avatar renovate-bot avatar renovate[bot] avatar scriptex avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

pponto mo-om urbrioche

webpack-mpa's Issues

CVE-2019-10744 (High) detected in multiple libraries

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Libraries - lodash-4.17.10.tgz, lodash-3.10.1.tgz, lodash-2.4.2.tgz, lodash-4.17.11.tgz

lodash-4.17.10.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/asset-resolver/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • postcss-image-inliner-2.0.0.tgz
      • asset-resolver-1.0.3.tgz
        • lodash-4.17.10.tgz (Vulnerable Library)
lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • oust-0.4.0.tgz
      • cheerio-0.19.0.tgz
        • lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • inline-critical-4.0.7.tgz
      • cave-2.0.0.tgz
        • lodash-2.4.2.tgz (Vulnerable Library)
lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/lodash/package.json

Dependency Hierarchy:

  • @babel/core-7.5.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 6930f6056ceb74d0ba833d0250daf25807ec8243

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19838 (Medium) detected in node-sass-v4.11.0

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 (Medium) detected in node-sass-v4.11.0

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-1010266 (Medium) detected in lodash-3.10.1.tgz, lodash-2.4.2.tgz

CVE-2019-1010266 - Medium Severity Vulnerability

Vulnerable Libraries - lodash-3.10.1.tgz, lodash-2.4.2.tgz

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • oust-0.4.0.tgz
      • cheerio-0.19.0.tgz
        • lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • inline-critical-4.0.7.tgz
      • cave-2.0.0.tgz
        • lodash-2.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 1e4cc80085ce9066b65e5d61bec0694412f02c41

Vulnerability Details

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

Publish Date: 2019-07-17

URL: CVE-2019-1010266

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266

Release Date: 2019-07-17

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

CVE-2017-1000048 (High) detected in qs-6.2.3.tgz

CVE-2017-1000048 - High Severity Vulnerability

Vulnerable Library - qs-6.2.3.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/qs/package.json

Dependency Hierarchy:

  • browser-sync-2.26.5.tgz (Root Library)
    • qs-6.2.3.tgz (Vulnerable Library)

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Vulnerability Details

the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.

Publish Date: 2017-07-17

URL: CVE-2017-1000048

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: ljharb/qs@c709f6e

Release Date: 2017-03-06

Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7598 (High) detected in multiple libraries

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.1.3.tgz, minimist-0.0.10.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/mkdirp/node_modules/minimist/package.json

Dependency Hierarchy:

  • babel-loader-8.0.6.tgz (Root Library)
    • mkdirp-0.5.1.tgz
      • minimist-0.0.8.tgz (Vulnerable Library)
minimist-1.1.3.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.1.3.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/gonzales-pe/node_modules/minimist/package.json

Dependency Hierarchy:

  • stylelint-13.2.1.tgz (Root Library)
    • postcss-sass-0.4.2.tgz
      • gonzales-pe-4.2.4.tgz
        • minimist-1.1.3.tgz (Vulnerable Library)
minimist-0.0.10.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/optimist/node_modules/minimist/package.json

Dependency Hierarchy:

  • webpack-spritesmith-1.1.0.tgz (Root Library)
    • spritesheet-templates-10.5.0.tgz
      • handlebars-4.7.3.tgz
        • optimist-0.6.1.tgz
          • minimist-0.0.10.tgz (Vulnerable Library)
minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • fsevents-1.2.11.tgz
        • node-pre-gyp-0.14.0.tgz
          • rc-1.2.8.tgz
            • minimist-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: e83fb7e984a468c694347a7690ff7aeffebe6d18

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2

Step up your Open Source Security Game with WhiteSource here

WS-2016-0090 (Medium) detected in multiple libraries

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.9.1.js, jquery-1.7.1.min.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)
jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/tinycolor2/index.html

Path to vulnerable library: /webpack-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js,/webpack-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js

Dependency Hierarchy:

  • jquery-1.9.1.js (Vulnerable Library)
jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /webpack-mpa/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 8b39c112f82dbc91fff837dd14751007b9e4839d

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 (High) detected in node-sass-v4.11.0

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3721 (Medium) detected in lodash-3.10.1.tgz, lodash-2.4.2.tgz

CVE-2018-3721 - Medium Severity Vulnerability

Vulnerable Libraries - lodash-3.10.1.tgz, lodash-2.4.2.tgz

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • oust-0.4.0.tgz
      • cheerio-0.19.0.tgz
        • lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • inline-critical-4.0.7.tgz
      • cave-2.0.0.tgz
        • lodash-2.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Release Date: 2018-06-07

Fix Resolution: 4.17.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 (Medium) detected in node-sass-v4.11.0

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0047 (Medium) detected in tar-2.2.1.tgz

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-2.2.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/node-gyp/node_modules/tar/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2012-6708 (Medium) detected in jquery-1.7.1.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /webpack-mpa/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 8b39c112f82dbc91fff837dd14751007b9e4839d

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-18797 (Medium) detected in node-sass-v4.11.0

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 3664393aaf525d3d8bddf5f54a1b83e3a961fce1

Library Source Files (66)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: 3.6.3

Step up your Open Source Security Game with WhiteSource here

WS-2020-0044 (High) detected in decompress-4.2.0.tgz

WS-2020-0044 - High Severity Vulnerability

Vulnerable Library - decompress-4.2.0.tgz

Extracting archives made easy

Library home page: https://registry.npmjs.org/decompress/-/decompress-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/decompress/package.json

Dependency Hierarchy:

  • optisize-1.0.0.tgz (Root Library)
    • imagemin-gifsicle-6.0.1.tgz
      • gifsicle-4.0.1.tgz
        • bin-build-3.0.0.tgz
          • decompress-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 022530dc1e1f1bc7f995fe028175da5362860233

Vulnerability Details

decompress in all its versions is vulnerable to arbitrary file write. the package fails to prevent an extraction of files with relative paths which allows attackers to write to any folder in the system.

Publish Date: 2020-03-08

URL: WS-2020-0044

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7608 (Medium) detected in multiple libraries

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-16.1.0.tgz, yargs-parser-10.1.0.tgz, yargs-parser-4.2.1.tgz, yargs-parser-5.0.0.tgz

yargs-parser-16.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-16.1.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/stylelint/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • stylelint-13.2.1.tgz (Root Library)
    • meow-6.0.1.tgz
      • yargs-parser-16.1.0.tgz (Vulnerable Library)
yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/asset-resolver/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • critical-1.3.9.tgz (Root Library)
    • meow-5.0.0.tgz
      • yargs-parser-10.1.0.tgz (Vulnerable Library)
yargs-parser-4.2.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/browser-sync/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • yargs-6.4.0.tgz
      • yargs-parser-4.2.1.tgz (Vulnerable Library)
yargs-parser-5.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/sass-graph/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • node-sass-4.13.1.tgz (Root Library)
    • sass-graph-2.2.4.tgz
      • yargs-7.1.0.tgz
        • yargs-parser-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: de12a1d5acc7e0ce1aa9fd1c8fb6669812a5a056

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 (Medium) detected in node-sass-v4.11.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9521 (Medium) detected in jquery-2.1.4.min.js, jquery-1.9.1.js

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.9.1.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)
jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/tinycolor2/test/index.html

Path to vulnerable library: /webpack-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js,/webpack-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js

Dependency Hierarchy:

  • jquery-1.9.1.js (Vulnerable Library)

Found in HEAD commit: fa0dfaa8d5eb7d362c85483d359571a3cab4d7bb

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11022 (Medium) detected in multiple libraries

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.0.min.js, jquery-2.1.4.min.js, jquery-1.9.1.js

jquery-3.4.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/js-base64/test/index.html

Path to vulnerable library: /webpack-mpa/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • jquery-3.4.0.min.js (Vulnerable Library)
jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)
jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/tinycolor2/test/index.html

Path to vulnerable library: /webpack-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js,/webpack-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js

Dependency Hierarchy:

  • jquery-1.9.1.js (Vulnerable Library)

Found in HEAD commit: 36da6ff5bb358675b28c71fa5ac8223b208e3ca7

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

Error on execute command WMPA

TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be one of type string, Buffer, or URL. Received type undefined

CVE-2018-19827 (High) detected in node-sass-v4.11.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19826 (Medium) detected in node-sass-v4.11.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2020-0068 (Medium) detected in multiple libraries

WS-2020-0068 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-10.1.0.tgz, yargs-parser-13.1.2.tgz, yargs-parser-4.2.1.tgz

yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/asset-resolver/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • critical-1.3.9.tgz (Root Library)
    • meow-5.0.0.tgz
      • yargs-parser-10.1.0.tgz (Vulnerable Library)
yargs-parser-13.1.2.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • optisize-1.0.0.tgz (Root Library)
    • yargs-13.3.2.tgz
      • yargs-parser-13.1.2.tgz (Vulnerable Library)
yargs-parser-4.2.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/browser-sync/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • yargs-6.4.0.tgz
      • yargs-parser-4.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 56601a362269953ce181968e59cfa5b5d0b3a61b

Vulnerability Details

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.proto.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.

Publish Date: 2020-05-01

URL: WS-2020-0068

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/yargs-parser

Release Date: 2020-05-04

Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 (Medium) detected in node-sass-v4.11.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

WS-2020-0042 (Medium) detected in acorn-6.4.0.tgz, acorn-2.7.0.tgz

WS-2020-0042 - Medium Severity Vulnerability

Vulnerable Libraries - acorn-6.4.0.tgz, acorn-2.7.0.tgz

acorn-6.4.0.tgz

ECMAScript parser

Library home page: https://registry.npmjs.org/acorn/-/acorn-6.4.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/eslint-config-recommended/node_modules/acorn/package.json

Dependency Hierarchy:

  • eslint-config-recommended-4.0.0.tgz (Root Library)
    • eslint-config-esnext-4.0.0.tgz
      • eslint-5.16.0.tgz
        • espree-5.0.1.tgz
          • acorn-6.4.0.tgz (Vulnerable Library)
acorn-2.7.0.tgz

ECMAScript parser

Library home page: https://registry.npmjs.org/acorn/-/acorn-2.7.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/jsdom/node_modules/acorn/package.json

Dependency Hierarchy:

  • spritesh-1.2.1.tgz (Root Library)
    • cheerio-0.20.0.tgz
      • jsdom-7.2.2.tgz
        • acorn-globals-1.0.9.tgz
          • acorn-2.7.0.tgz (Vulnerable Library)

Found in HEAD commit: 89b67d92593de5746b20ee2f29ec3ccdc8326ea7

Vulnerability Details

acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.

Publish Date: 2020-03-08

URL: WS-2020-0042

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1488

Release Date: 2020-03-08

Fix Resolution: 7.1.1

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in multiple libraries

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.9.1.js, jquery-1.7.1.min.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)
jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/tinycolor2/index.html

Path to vulnerable library: /webpack-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js,/webpack-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js

Dependency Hierarchy:

  • jquery-1.9.1.js (Vulnerable Library)
jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /webpack-mpa/node_modules/vm-browserify/example/run/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 8b39c112f82dbc91fff837dd14751007b9e4839d

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 (High) detected in node-sass-v4.11.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-6.0.2.tgz, kind-of-5.1.0.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/is-number/node_modules/kind-of/package.json

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • micromatch-3.1.10.tgz
      • snapdragon-0.8.2.tgz
        • base-0.11.2.tgz
          • class-utils-0.3.6.tgz
            • static-extend-0.1.2.tgz
              • object-copy-0.1.0.tgz
                • kind-of-3.2.2.tgz (Vulnerable Library)
kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • micromatch-3.1.10.tgz
      • snapdragon-0.8.2.tgz
        • base-0.11.2.tgz
          • cache-base-1.0.1.tgz
            • has-value-1.0.0.tgz
              • has-values-1.0.0.tgz
                • kind-of-4.0.0.tgz (Vulnerable Library)
kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/kind-of/package.json

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • micromatch-3.1.10.tgz
      • kind-of-6.0.2.tgz (Vulnerable Library)
kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

  • browser-sync-2.26.7.tgz (Root Library)
    • micromatch-3.1.10.tgz
      • snapdragon-0.8.2.tgz
        • define-property-0.2.5.tgz
          • is-descriptor-0.1.6.tgz
            • kind-of-5.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 179d7c4c5720f802bf9389c8c42b4ba41d22c46e

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

WDS

Try setting up a server using webpack dev server. This would be useful for people without apache (or similar) server installed and configured.
Add a new script: yarn serve

CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js, jquery-1.9.1.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.9.1.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /webpack-mpa/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)
jquery-1.9.1.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js

Path to dependency file: /tmp/ws-scm/webpack-mpa/node_modules/tinycolor2/index.html

Path to vulnerable library: /webpack-mpa/node_modules/tinycolor2/demo/jquery-1.9.1.js,/webpack-mpa/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js

Dependency Hierarchy:

  • jquery-1.9.1.js (Vulnerable Library)

Found in HEAD commit: 8b39c112f82dbc91fff837dd14751007b9e4839d

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11695 (High) detected in node-sass-v4.11.0

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10742 (Medium) detected in axios-0.17.1.tgz

CVE-2019-10742 - Medium Severity Vulnerability

Vulnerable Library - axios-0.17.1.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.17.1.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/axios/package.json

Dependency Hierarchy:

  • browser-sync-2.26.5.tgz (Root Library)
    • localtunnel-1.9.1.tgz
      • axios-0.17.1.tgz (Vulnerable Library)

Found in HEAD commit: 9b51618267b863f961fc4eb11bec486cf0c1fc12

Vulnerability Details

Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

Publish Date: 2019-05-07

URL: CVE-2019-10742

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Step up your Open Source Security Game with WhiteSource here

Publish dot files to NPM

Configuration and helper files should be published to NPM as they are part of the build and the development process.

CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz

CVE-2020-8116 - Medium Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/webpack-mpa/package.json

Path to vulnerable library: /tmp/ws-scm/webpack-mpa/node_modules/dot-prop/package.json

Dependency Hierarchy:

  • postcss-merge-rules-4.0.3.tgz (Root Library)
    • postcss-selector-parser-3.1.1.tgz
      • dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 365a011029592107ca187b27a584fc3c92713864

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/node-gyp/node_modules/tar/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 4fd6175a1807b74f868b145d3260850b99cb7993

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: v4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20822 (Medium) detected in node-sass-v4.11.0

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 (Medium) detected in node-sass-v4.11.0

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in node-sass-v4.11.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 (Medium) detected in node-sass-v4.11.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0158 (Medium) detected in static-eval-0.2.4.tgz

WS-2019-0158 - Medium Severity Vulnerability

Vulnerable Library - static-eval-0.2.4.tgz

evaluate statically-analyzable expressions

Library home page: https://registry.npmjs.org/static-eval/-/static-eval-0.2.4.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/static-eval/package.json

Dependency Hierarchy:

  • webpack-spritesmith-1.0.1.tgz (Root Library)
    • spritesmith-3.3.1.tgz
      • pixelsmith-2.2.1.tgz
        • ndarray-fill-1.0.2.tgz
          • cwise-1.0.10.tgz
            • static-module-1.5.0.tgz
              • static-eval-0.2.4.tgz (Vulnerable Library)

Found in HEAD commit: cc0c109ddb19458f05093b4972c1018d2da20b1b

Vulnerability Details

static-eval before 2.0.2 pass untrusted user input directly to the global function constructor. leads to Arbitrary Code Execution

Publish Date: 2019-07-15

URL: WS-2019-0158

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/758

Release Date: 2019-07-15

Fix Resolution: 2.0.2

Step up your Open Source Security Game with WhiteSource here

CVE-2013-0340 (Medium) detected in src-73.0.3635.0

CVE-2013-0340 - Medium Severity Vulnerability

Vulnerable Library - src73.0.3635.0

Library home page: https://chromium.googlesource.com/chromium/src

Found in HEAD commit: 9bf89d9e6ce3a6d42435c43d5b9bbc4d276fe3c3

Library Source Files (51)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/expat_external.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xpathInternals.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/catalog.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/SAX.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/encoding.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlwriter.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/pattern.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/schematron.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/c14n.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xinclude.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/dict.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlmemory.h
  • /webpack-mpa/node_modules/sharp/vendor/include/webp/encode.h
  • /webpack-mpa/node_modules/sharp/vendor/include/webp/mux.h
  • /webpack-mpa/node_modules/sharp/vendor/include/expat.h
  • /webpack-mpa/node_modules/sharp/vendor/include/webp/demux.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/parserInternals.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlschemas.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlregexp.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/parser.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/webp/mux_types.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/schemasInternals.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/relaxng.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/webp/types.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlmodule.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/nanohttp.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlsave.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlunicode.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlschemastypes.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/DOCBparser.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/hash.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlstring.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/SAX2.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libpng16/pngconf.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/uri.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlIO.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/valid.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/debugXML.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xpointer.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/chvalid.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/threads.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/HTMLparser.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlreader.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libpng16/png.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/HTMLtree.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xmlautomata.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/nanoftp.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/xlink.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xmlerror.h
  • /webpack-mpa/node_modules/create-pwa/node_modules/sharp/vendor/include/libxml2/libxml/xpath.h
  • /webpack-mpa/node_modules/sharp/vendor/include/libxml2/libxml/list.h

Vulnerability Details

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Publish Date: 2014-01-21

URL: CVE-2013-0340

CVSS 2 Score Details (6.8)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201701-21

Release Date: 2017-01-11

Fix Resolution: All Expat users should upgrade to the latest version >= expat-2.2.0-r1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 (High) detected in node-sass-v4.11.0

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Improve documentation

Add usage details about the svg sprite:

  1. How to include it and use the icons
  2. Replace imagemin with optisize and link to its repository.

CVE-2018-16487 (High) detected in multiple libraries

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Libraries - lodash-4.17.10.tgz, lodash-3.10.1.tgz, lodash-2.4.2.tgz

lodash-4.17.10.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/asset-resolver/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • postcss-image-inliner-2.0.0.tgz
      • asset-resolver-1.0.3.tgz
        • lodash-4.17.10.tgz (Vulnerable Library)
lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/oust/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • oust-0.4.0.tgz
      • cheerio-0.19.0.tgz
        • lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz

A utility library delivering consistency, customization, performance, & extras.

Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/cave/node_modules/lodash/package.json

Dependency Hierarchy:

  • critical-1.3.4.tgz (Root Library)
    • inline-critical-4.0.7.tgz
      • cave-2.0.0.tgz
        • lodash-2.4.2.tgz (Vulnerable Library)

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in node-sass-v4.11.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11693 (High) detected in node-sass-v4.11.0

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/base.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operation.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/output.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/paths.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/json.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/units.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/listize.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/string.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/eval.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/expand.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/factory.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/boolean.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/value.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /webpack-mpa/node_modules/node-sass/src/callback_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/node.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/operators.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/parser.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/constants.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/list.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/util.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_function_bridge.cpp
  • /webpack-mpa/node_modules/node-sass/src/custom_importer_bridge.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/bind.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/extend.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/cencode.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/number.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/color.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/c99func.c
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/position.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/values.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/null.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/include/sass/context.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/ast.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/file.hpp
  • /webpack-mpa/node_modules/node-sass/src/sass_types/map.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/environment.hpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /webpack-mpa/node_modules/node-sass/src/binding.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /webpack-mpa/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16226 (High) detected in static-eval-0.2.4.tgz

CVE-2017-16226 - High Severity Vulnerability

Vulnerable Library - static-eval-0.2.4.tgz

evaluate statically-analyzable expressions

Library home page: https://registry.npmjs.org/static-eval/-/static-eval-0.2.4.tgz

Path to dependency file: /webpack-mpa/package.json

Path to vulnerable library: /tmp/git/webpack-mpa/node_modules/static-eval/package.json

Dependency Hierarchy:

  • webpack-spritesmith-1.0.1.tgz (Root Library)
    • spritesmith-3.3.1.tgz
      • pixelsmith-2.2.1.tgz
        • ndarray-fill-1.0.2.tgz
          • cwise-1.0.10.tgz
            • static-module-1.5.0.tgz
              • static-eval-0.2.4.tgz (Vulnerable Library)

Found in HEAD commit: 6562e357ec8914e0e324a6785b327bd9d810c9b7

Vulnerability Details

The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.

Publish Date: 2018-06-07

URL: CVE-2017-16226

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/548

Release Date: 2017-10-18

Fix Resolution: Update to version 2.0.0 or later.

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.