wecarry-ui's Introduction

Archived

WeCarry has been discontinued and will not be developed further

WeCarry app

Dependencies

Node and Make

Local development

This project utilizes Rollup for its builds

  • Ensure your /etc/hosts has a wecarry.local and minio alias to localhost
  • cp .env.example .env and update the values as needed

Install the project dependencies and start a local server

make

Navigate to http://wecarry.local:5001. You should see your app running. Edit a component file in src, save it, and the page will automatically reload with your changes.

Testing social providers (oauth)

In order to utilize the social auth capabilities, BASE_API_URL and the locally running api's HOST must be localhost instead of wecarry.local. These vars are found in the .env and docker-compose.yml respectively.

Breakpoint testing

To see what Bootstrap responsive breakpoint you are currently viewing, add the following to the Footer.svelte:

<script>
// ADD THIS:
import BootstrapWidthIndicator from 'components/BootstrapWidthIndicator.svelte'
</script>

...

<footer ...>
    ...

    <!-- AND ADD THIS: -->
    <span class="mx-2 text-muted float-right"><BootstrapWidthIndicator /></span>
</footer>

Deployment

make build

The contents of the dist folder can then be deployed to your host

wecarry-ui's Issues

CVE-2018-11697 (High) detected in node-sass-v4.11.0, CSS::Sass-v3.6.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0



CVE-2018-11698 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /wecarry-ui/node_modules/node-sass/src/libsass/src/expand.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/expand.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/factory.cpp
  • /wecarry-ui/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
  • /wecarry-ui/node_modules/node-sass/src/sass_types/boolean.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/util.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/value.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /wecarry-ui/node_modules/node-sass/src/callback_bridge.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/file.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operation.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operators.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/constants.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /wecarry-ui/node_modules/js-base64/.attic/test-moment/./dankogai.js
  • /wecarry-ui/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/parser.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/constants.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/list.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/functions.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/util.cpp
  • /wecarry-ui/node_modules/node-sass/src/custom_function_bridge.cpp
  • /wecarry-ui/node_modules/node-sass/src/custom_importer_bridge.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/bind.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/eval.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/extend.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_context_wrapper.h
  • /wecarry-ui/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/number.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/color.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/output.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/null.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/functions.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/color.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/values.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/list.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /wecarry-ui/node_modules/js-base64/.attic/test-moment/./es5.js
  • /wecarry-ui/node_modules/node-sass/src/sass_types/map.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/context.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/string.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/context.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/boolean.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0



Expiration dates render as "Invalid Date" in Safari

All expiration dates render as "Invalid Date" in Safari.

Safari: [image]
Firefox: [image]

There’s an error in the console, but it shows up in Firefox, too. Firefox doesn’t have the bug.
TypeError: 'handleEvent' property of event listener should be callable

CVE-2018-11694 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694

Release Date: 2018-06-04

Fix Resolution: 3.6.0



CVE-2019-6286 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286

Release Date: 2019-08-06

Fix Resolution: 3.6.0



CVE-2020-7660 (High) detected in serialize-javascript-2.1.2.tgz

CVE-2020-7660 - High Severity Vulnerability

Vulnerable Library - serialize-javascript-2.1.2.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz

Path to dependency file: wecarry-ui/package.json

Path to vulnerable library: wecarry-ui/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

  • rollup-plugin-terser-5.3.0.tgz (Root Library)
    • serialize-javascript-2.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 96919076eeb1f56b450786b3b3585dfdde719381

Found in base branch: develop

Vulnerability Details

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Publish Date: 2020-06-01

URL: CVE-2020-7660

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660

Release Date: 2020-06-01

Fix Resolution: serialize-javascript - 3.1.0



CVE-2018-11499 (High) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: 3.6.0



CVE-2021-23343 (High) detected in path-parse-1.0.6.tgz

CVE-2021-23343 - High Severity Vulnerability

Vulnerable Library - path-parse-1.0.6.tgz

Node.js path.parse() ponyfill

Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz

Path to dependency file: wecarry-ui/package.json

Path to vulnerable library: wecarry-ui/node_modules/path-parse/package.json

Dependency Hierarchy:

  • rollup-plugin-commonjs-10.1.0.tgz (Root Library)
    • resolve-1.15.1.tgz
      • path-parse-1.0.6.tgz (Vulnerable Library)

Found in HEAD commit: 96919076eeb1f56b450786b3b3585dfdde719381

Found in base branch: develop

Vulnerability Details

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Publish Date: 2021-05-04

URL: CVE-2021-23343

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2021-23382 (Medium) detected in postcss-7.0.29.tgz

CVE-2021-23382 - Medium Severity Vulnerability

Vulnerable Library - postcss-7.0.29.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.29.tgz

Path to dependency file: wecarry-ui/package.json

Path to vulnerable library: wecarry-ui/node_modules/postcss/package.json

Dependency Hierarchy:

  • postcss-7.0.29.tgz (Vulnerable Library)

Found in HEAD commit: 96919076eeb1f56b450786b3b3585dfdde719381

Found in base branch: develop

Vulnerability Details

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).

Publish Date: 2021-04-26

URL: CVE-2021-23382

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382

Release Date: 2021-04-26

Fix Resolution: postcss - 8.2.13



CVE-2018-20190 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190

Release Date: 2018-12-17

Fix Resolution: 3.6.0



CVE-2019-18797 (Medium) detected in node-sass-v4.11.0

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: f86597c80fb98a419c755cef3dd79f4d396a180e

Library Source Files (66)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /wecarry-ui/node_modules/node-sass/src/libsass/src/expand.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/expand.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/factory.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operators.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/boolean.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/util.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/value.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /wecarry-ui/node_modules/node-sass/src/callback_bridge.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/file.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operation.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operators.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/constants.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /wecarry-ui/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/parser.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/constants.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/list.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/functions.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/util.cpp
  • /wecarry-ui/node_modules/node-sass/src/custom_function_bridge.cpp
  • /wecarry-ui/node_modules/node-sass/src/custom_importer_bridge.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/bind.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/eval.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/extend.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_context_wrapper.h
  • /wecarry-ui/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/parser.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/number.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/color.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/output.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/null.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/functions.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/color.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/values.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/list.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/map.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/context.cpp
  • /wecarry-ui/node_modules/node-sass/src/binding.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/string.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/context.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/boolean.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: 3.6.3



CVE-2018-19826 (Medium) detected in node-sass-v4.11.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (4)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /wecarry-ui/node_modules/node-sass/src/binding.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operators.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/parser.cpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Change files

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19826

Release Date: 2019-09-01

Fix Resolution: Replace or update the following file: LibSass - 3.6.0



CVE-2018-19797 (Medium) detected in opennms-opennms-source-23.0.0-1, CSS::Sass-v3.6.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0



CVE-2019-16769 (Low) detected in serialize-javascript-1.9.1.tgz

CVE-2019-16769 - Low Severity Vulnerability

Vulnerable Library - serialize-javascript-1.9.1.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.9.1.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /tmp/ws-scm/wecarry-ui/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

  • rollup-plugin-terser-5.1.2.tgz (Root Library)
    • serialize-javascript-1.9.1.tgz (Vulnerable Library)

Found in HEAD commit: 6c726fdcf67fcaa0224536e32b34a3f003755197

Vulnerability Details

The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. The Node.js environment is not affected by this vulnerability, since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized regular expression objects are used in an environment other than Node.js, that environment is affected by this vulnerability.

Publish Date: 2019-12-05

URL: CVE-2019-16769

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769

Release Date: 2019-12-05

Fix Resolution: v2.1.1



CVE-2021-23362 (Medium) detected in hosted-git-info-2.8.8.tgz

CVE-2021-23362 - Medium Severity Vulnerability

Vulnerable Library - hosted-git-info-2.8.8.tgz

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz

Path to dependency file: wecarry-ui/package.json

Path to vulnerable library: wecarry-ui/node_modules/hosted-git-info/package.json

Dependency Hierarchy:

  • npm-run-all-4.1.5.tgz (Root Library)
    • read-pkg-3.0.0.tgz
      • normalize-package-data-2.5.0.tgz
        • hosted-git-info-2.8.8.tgz (Vulnerable Library)

Found in HEAD commit: 96919076eeb1f56b450786b3b3585dfdde719381

Found in base branch: develop

Vulnerability Details

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

Publish Date: 2021-03-23

URL: CVE-2021-23362

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: GHSA-43f8-2h32-f4cj

Release Date: 2021-03-23

Fix Resolution: hosted-git-info - 2.8.9,3.0.8



CVE-2018-19838 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - opennms-opennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: 3.6.0



WS-2016-0090 (Medium) detected in jquery-2.1.4.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/wecarry-ui/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /wecarry-ui/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Vulnerability Details

jQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0



CVE-2020-7598 (High) detected in minimist-0.0.8.tgz, minimist-1.2.0.tgz

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Dependency Hierarchy:

  • sass-1.26.3.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • fsevents-1.2.11.tgz
        • node-pre-gyp-0.14.0.tgz
          • mkdirp-0.5.1.tgz
            • minimist-0.0.8.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Dependency Hierarchy:

  • sass-1.26.3.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • fsevents-1.2.11.tgz
        • node-pre-gyp-0.14.0.tgz
          • rc-1.2.8.tgz
            • minimist-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 747a8ce586de2e5a083f5ca706cbb7d7b133fb9b

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2



CVE-2020-11022 (Medium) detected in jquery-3.4.1.tgz

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.4.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.4.1.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /wecarry-ui/node_modules/jquery/package.json

Dependency Hierarchy:

  • jquery-3.4.1.tgz (Vulnerable Library)

Found in HEAD commit: 731bcbedd9be600bc466f01c7e4c10d9d482de02

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-6.0.2.tgz, kind-of-5.1.0.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /tmp/ws-scm/wecarry-ui/node_modules/is-accessor-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

  • sass-1.24.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • braces-2.3.2.tgz
        • fill-range-4.0.0.tgz
          • is-number-3.0.0.tgz
            • kind-of-3.2.2.tgz (Vulnerable Library)

kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /tmp/ws-scm/wecarry-ui/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

  • sass-1.24.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • braces-2.3.2.tgz
        • snapdragon-0.8.2.tgz
          • base-0.11.2.tgz
            • cache-base-1.0.1.tgz
              • has-value-1.0.0.tgz
                • has-values-1.0.0.tgz
                  • kind-of-4.0.0.tgz (Vulnerable Library)

kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /tmp/ws-scm/wecarry-ui/node_modules/kind-of/package.json

Dependency Hierarchy:

  • sass-1.24.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • anymatch-2.0.0.tgz
        • micromatch-3.1.10.tgz
          • kind-of-6.0.2.tgz (Vulnerable Library)

kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /tmp/ws-scm/wecarry-ui/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

  • sass-1.24.0.tgz (Root Library)
    • chokidar-2.1.8.tgz
      • braces-2.3.2.tgz
        • snapdragon-0.8.2.tgz
          • define-property-0.2.5.tgz
            • is-descriptor-0.1.6.tgz
              • kind-of-5.1.0.tgz (Vulnerable Library)

Found in HEAD commit: f5f37fa907868779d475a8c9297e47a35bc9b06d

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available



CVE-2021-23368 (Medium) detected in postcss-7.0.29.tgz

CVE-2021-23368 - Medium Severity Vulnerability

Vulnerable Library - postcss-7.0.29.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.29.tgz

Path to dependency file: wecarry-ui/package.json

Path to vulnerable library: wecarry-ui/node_modules/postcss/package.json

Dependency Hierarchy:

  • postcss-7.0.29.tgz (Vulnerable Library)

Found in HEAD commit: 96919076eeb1f56b450786b3b3585dfdde719381

Found in base branch: develop

Vulnerability Details

The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Publish Date: 2021-04-12

URL: CVE-2021-23368

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368

Release Date: 2021-04-12

Fix Resolution: postcss - 8.2.10



CVE-2018-11695 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - opennms-opennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695

Release Date: 2018-06-04

Fix Resolution: 3.6.0



CVE-2018-20822 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennms-opennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822

Release Date: 2019-08-06

Fix Resolution: 3.6.0



CVE-2019-6283 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /wecarry-ui/node_modules/node-sass/src/libsass/src/expand.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/expand.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/factory.cpp
  • /wecarry-ui/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
  • /wecarry-ui/node_modules/node-sass/src/sass_types/boolean.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/util.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/value.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /wecarry-ui/node_modules/node-sass/src/callback_bridge.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/file.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operation.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/operators.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/constants.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /wecarry-ui/node_modules/js-base64/.attic/test-moment/./dankogai.js
  • /wecarry-ui/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/parser.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/constants.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/list.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/functions.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/util.cpp
  • /wecarry-ui/node_modules/node-sass/src/custom_function_bridge.cpp
  • /wecarry-ui/node_modules/node-sass/src/custom_importer_bridge.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/bind.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/eval.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/extend.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_context_wrapper.h
  • /wecarry-ui/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/number.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/color.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/output.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/null.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/functions.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/color.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/values.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/list.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /wecarry-ui/node_modules/js-base64/.attic/test-moment/./es5.js
  • /wecarry-ui/node_modules/node-sass/src/sass_types/map.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/context.cpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/string.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/context.hpp
  • /wecarry-ui/node_modules/node-sass/src/sass_types/boolean.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: 3.6.0



CVE-2020-11023 (Medium) detected in jquery-3.4.1.tgz

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.4.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.4.1.tgz

Path to dependency file: /tmp/ws-scm/wecarry-ui/package.json

Path to vulnerable library: /wecarry-ui/node_modules/jquery/package.json

Dependency Hierarchy:

  • jquery-3.4.1.tgz (Vulnerable Library)

Found in HEAD commit: 731bcbedd9be600bc466f01c7e4c10d9d482de02

Vulnerability Details

In jQuery before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: GHSA-jpcq-cgw6-v4j6

Release Date: 2020-04-29

Fix Resolution: 3.5.0



CVE-2019-6284 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: 3.6.0



CVE-2018-11693 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (65)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11693

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.5.5



CVE-2018-19839 (Medium) detected in CSS::Sass-v3.6.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - CSS::Sassv3.6.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Library Source Files (63)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /wecarry-ui/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/output.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/b64/cencode.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/utf8.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/node.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/include/sass/base.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/json.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/environment.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/position.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/extend.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/utf8/core.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/node.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/cencode.c
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/listize.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/c99func.c
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/position.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/include/sass/values.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/paths.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/include/sass/context.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/json.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/units.cpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/units.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/file.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/environment.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/listize.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/src/debug.hpp
  • /wecarry-ui/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5



CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/wecarry-ui/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /wecarry-ui/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js



WS-2017-0421 (High) detected in ws-1.1.5.tgz

WS-2017-0421 - High Severity Vulnerability

Vulnerable Library - ws-1.1.5.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz

Path to dependency file: /handcarry-ui/package.json

Path to vulnerable library: /tmp/git/handcarry-ui/node_modules/ws/package.json

Dependency Hierarchy:

  • rollup-plugin-livereload-1.0.1.tgz (Root Library)
    • livereload-0.8.0.tgz
      • ws-1.1.5.tgz (Vulnerable Library)

Found in HEAD commit: 87681cf3c99a0c9f847b5eee447c7fd1eacfbc48

Vulnerability Details

Affected versions of ws (0.2.6--3.3.0) are vulnerable: a specially crafted value of the Sec-WebSocket-Extensions header that uses Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/550/versions

Release Date: 2019-01-24

Fix Resolution: 3.3.1



CVE-2018-20821 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821

Release Date: 2019-04-23

Fix Resolution: 3.6.0



CVE-2018-19827 (High) detected in opennms-opennms-source-23.0.0-1, CSS::Sass-v3.6.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: sass/libsass#2784

Release Date: 2019-08-29

Fix Resolution: LibSass - 3.6.0



CVE-2015-9251 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/wecarry-ui/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /wecarry-ui/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 6d24c1b58a9533d2a48780e78bd3ceb7ce595d2b

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

