GithubHelp home page GithubHelp logo

website's Introduction

Skungee

Discord License Commit

Spigot Socket API and Bungeecord Skript Addon.

Building

Open a command prompt

The following will clone Skungee to your current directory location. To change the current directory as to where you want it cloned, type cd PATH replace PATH with the directory path location.

Then type the clone command git clone https://github.com/TheLimeGlass/Skungee.git

Now to build Skungee you simply need to run the gradle build command. You can find the compiled JAR file in ./build/libs of the gradle folder when complete.

Note: If you do not have [Gradle] installed then use ./gradlew for Unix systems or Git Bash and windows systems have executable gradlew.bat.

API

You can use Skungee without Skript being required. You can use Skungee as an advanced socket protocol between Bungeecord and Spigot. Check out the tutorial here https://github.com/Skungee/Skungee/wiki/Using-the-Skungee-API

Contributing

The only guideline we have is to follow Google's Java coding style https://google.github.io/styleguide/javaguide.html Pull requests and contributions are welcome.

website's People

Contributors

mend-bolt-for-github[bot] avatar thelimeglass avatar

Watchers

avatar avatar

website's Issues

CVE-2017-16137 (Medium) detected in debug-2.2.0.tgz

CVE-2017-16137 - Medium Severity Vulnerability

Vulnerable Library - debug-2.2.0.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /tmp/ws-scm/Website/node_modules/debug/package.json

Dependency Hierarchy:

  • connect-3.4.1.tgz (Root Library)
    • debug-2.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Publish Date: 2018-06-07

URL: CVE-2017-16137

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: debug-js/debug@42a6ae0

Release Date: 2017-09-21

Fix Resolution: Replace or update the following file: node.js

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16026 (Medium) detected in request-2.9.203.tgz

CVE-2017-16026 - Medium Severity Vulnerability

Vulnerable Library - request-2.9.203.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.9.203.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /tmp/ws-scm/Website/node_modules/request/package.json

Dependency Hierarchy:

  • winston-0.6.2.tgz (Root Library)
    • request-2.9.203.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.

Publish Date: 2018-06-04

URL: CVE-2017-16026

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-16026

Release Date: 2018-06-04

Fix Resolution: 2.47.1,2.67.1

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16082 (High) detected in pg-4.1.1.tgz

CVE-2017-16082 - High Severity Vulnerability

Vulnerable Library - pg-4.1.1.tgz

PostgreSQL client - pure javascript & libpq with the same API

Library home page: https://registry.npmjs.org/pg/-/pg-4.1.1.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /Website/node_modules/pg/package.json

Dependency Hierarchy:

  • pg-4.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.

Publish Date: 2018-06-07

URL: CVE-2017-16082

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/521

Release Date: 2017-08-13

Fix Resolution: Version 2.x.x: Update to version 2.11.2 or later. * Version 3.x.x: Update to version 3.6.4 or later. * Version 4.x.x: Update to version 4.5.7 or later. * Version 5.x.x: Update to version 5.2.1 or later. * Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. ) * Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )

Step up your Open Source Security Game with WhiteSource here

CVE-2012-6708 (Medium) detected in jquery-1.7.1.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/Website/static/index.html

Path to vulnerable library: /Website/static/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0

Step up your Open Source Security Game with WhiteSource here

WS-2017-0247 (Low) detected in ms-0.7.1.tgz

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Library - ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /tmp/ws-scm/Website/node_modules/ms/package.json

Dependency Hierarchy:

  • connect-3.4.1.tgz (Root Library)
    • debug-2.2.0.tgz
      • ms-0.7.1.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-05-15

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: vercel/ms@305f2dd

Release Date: 2017-04-12

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here

WS-2016-0090 (Medium) detected in jquery-1.7.1.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/Website/static/index.html

Path to vulnerable library: /Website/static/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0

Step up your Open Source Security Game with WhiteSource here

WS-2018-0590 (High) detected in diff-3.2.0.tgz

WS-2018-0590 - High Severity Vulnerability

Vulnerable Library - diff-3.2.0.tgz

A javascript text diff implementation.

Library home page: https://registry.npmjs.org/diff/-/diff-3.2.0.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /Website/node_modules/diff/package.json

Dependency Hierarchy:

  • diff-3.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

Publish Date: 2019-06-11

URL: WS-2018-0590

CVSS 2 Score Details (7.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: kpdecker/jsdiff@2aec429

Release Date: 2019-06-11

Fix Resolution: 3.5.0

Step up your Open Source Security Game with WhiteSource here

WS-2017-0236 (Medium) detected in growl-1.9.2.tgz

WS-2017-0236 - Medium Severity Vulnerability

Vulnerable Library - growl-1.9.2.tgz

Growl unobtrusive notifications

Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /Website/node_modules/growl/package.json

Dependency Hierarchy:

  • growl-1.9.2.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

Affected versions of the package are vulnerable to Arbitrary Code Injection.

Publish Date: 2017-05-01

URL: WS-2017-0236

CVSS 2 Score Details (5.6)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: tj/node-growl@d9f6ea2

Release Date: 2016-09-05

Fix Resolution: Replace or update the following files: package.json, growl.js

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-1.7.1.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/Website/static/index.html

Path to vulnerable library: /Website/static/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

WS-2017-0330 (Medium) detected in mime-1.3.6.tgz

WS-2017-0330 - Medium Severity Vulnerability

Vulnerable Library - mime-1.3.6.tgz

A comprehensive library for mime-type mapping

Library home page: https://registry.npmjs.org/mime/-/mime-1.3.6.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /tmp/ws-scm/Website/node_modules/mime/package.json

Dependency Hierarchy:

  • st-1.1.0.tgz (Root Library)
    • mime-1.3.6.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

Affected version of mime (1.0.0 throw 1.4.0 and 2.0.0 throw 2.0.2), are vulnerable to regular expression denial of service.

Publish Date: 2017-09-27

URL: WS-2017-0330

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: broofa/mime@1df903f

Release Date: 2019-04-03

Fix Resolution: 1.4.1,2.0.3

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16224 (Medium) detected in st-1.1.0.tgz

CVE-2017-16224 - Medium Severity Vulnerability

Vulnerable Library - st-1.1.0.tgz

A module for serving static files. Does etags, caching, etc.

Library home page: https://registry.npmjs.org/st/-/st-1.1.0.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /Website/node_modules/st/package.json

Dependency Hierarchy:

  • st-1.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e").

Publish Date: 2018-06-07

URL: CVE-2017-16224

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: isaacs/st@579960c

Release Date: 2017-10-13

Fix Resolution: Replace or update the following files: common.js, st.js, basic.js

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16138 (High) detected in mime-1.3.6.tgz

CVE-2017-16138 - High Severity Vulnerability

Vulnerable Library - mime-1.3.6.tgz

A comprehensive library for mime-type mapping

Library home page: https://registry.npmjs.org/mime/-/mime-1.3.6.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /tmp/ws-scm/Website/node_modules/mime/package.json

Dependency Hierarchy:

  • st-1.1.0.tgz (Root Library)
    • mime-1.3.6.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Publish Date: 2018-06-07

URL: CVE-2017-16138

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2017-16042 (High) detected in growl-1.9.2.tgz

CVE-2017-16042 - High Severity Vulnerability

Vulnerable Library - growl-1.9.2.tgz

Growl unobtrusive notifications

Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz

Path to dependency file: /tmp/ws-scm/Website/package.json

Path to vulnerable library: /Website/node_modules/growl/package.json

Dependency Hierarchy:

  • growl-1.9.2.tgz (Vulnerable Library)

Found in HEAD commit: 192315db4ed122ba7d7919df34e543ab6e35646b

Vulnerability Details

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

Publish Date: 2018-06-04

URL: CVE-2017-16042

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-16042

Release Date: 2018-06-04

Fix Resolution: 1.10.2

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.