tyhal / tyhal.com Goto Github PK

View Code? Open in Web Editor NEW

3.0 3.0 2.0 988 KB

personal website sandbox, I use this to try new tech stacks, not to have a 'finished' website

Home Page: http://tyhal.com

License: MIT License

HTML 2.00% Kotlin 98.00%

website

tyhal.com's People

Contributors

Stargazers

Watchers

Forkers

fossabot lgtm-migrator

tyhal.com's Issues

CVE-2019-6283 (Medium) detected in node-sass-v4.12.0

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Whats Best: Renovate, Whitesource, Synk, Dependabot, Fossa

Dependency

Fastest Response (Renovate vs Dependabot)

Renovate, < 5 Minutes

Reporting (Renovate vs Dependabot)

Dependabot, has the changelog and the % of failures when updating from version X to version Y

Security

Merge Request Scanning (Synk vs Whitesource)

Synk - WhiteSource has however been giving the most CVEs but doesn't autoresolve them

Synk keeps CVE secret and gives you a better run down with Docker image scanning

Whats missing?

Upgrading inside Dockerfiles:

RUN pip install something==1.0.0

RUN apt-get install curl=7.*

Other notes

Renovate and Whitesource both dump additional files at the root of the project :(

Synk Dependency Update Notes

Would be nice to create an issue to say "Hey I'm working now or something"
Website loading has been slow recently
No Dockerfile support to see if you have a vulnerable dependency

WS-2019-0019 (Medium) detected in braces-1.8.5.tgz

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Library - braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/jest-runtime/node_modules/braces/package.json

Dependency Hierarchy:

react-scripts-2.1.5.tgz (Root Library)
- babel-jest-23.6.0.tgz
  - babel-plugin-istanbul-4.1.6.tgz
    - test-exclude-4.2.3.tgz
      - micromatch-2.3.11.tgz
        
        ❌ braces-1.8.5.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

be able to print out all the recipes as a PDF -> cooking book 👌

Create icons for teaspoon and cups on recipe

WS-2019-0100 (Medium) detected in fstream-1.0.11.tgz

WS-2019-0100 - Medium Severity Vulnerability

Vulnerable Library - fstream-1.0.11.tgz

Advanced file system stream things

Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/npm/node_modules/fstream/package.json

Dependency Hierarchy:

node-sass-chokidar-1.3.4.tgz (Root Library)
- node-sass-4.11.0.tgz
  - node-gyp-3.8.0.tgz
    - ❌ fstream-1.0.11.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Vulnerability Details

Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.

Publish Date: 2019-05-23

URL: WS-2019-0100

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/886

Release Date: 2019-05-23

Fix Resolution: 1.0.12

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 (High) detected in node-sass-4.14.1.tgz, node-sassv4.13.1

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz, node-sassv4.13.1

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

node-sass-chokidar-1.5.0.tgz (Root Library)
- ❌ node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Found in base branch: master

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/releases/tag/3.6.0

Release Date: 2018-06-04

Fix Resolution: libsass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0032 (Medium) detected in js-yaml-3.12.1.tgz

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.1.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.1.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/js-yaml/package.json

Dependency Hierarchy:

react-scripts-2.1.5.tgz (Root Library)
- eslint-5.12.0.tgz
  - ❌ js-yaml-3.12.1.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19826 (Medium) detected in node-sass-v4.12.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Add dropdown for mobile

CVE-2018-11693 (High) detected in node-sass-v4.12.0

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Able to load different resource folders and deploy to different domains

TODO switch resources folder based on a variable in the env file loaded so that the content AND the location can be changed instead of just deploying the same site in a different location

CVE-2018-19839 (Medium) detected in node-sass-v4.12.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/lodash/package.json

Dependency Hierarchy:

node-sass-chokidar-1.3.5.tgz (Root Library)
- node-sass-4.12.0.tgz
  - ❌ lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 58f9e00203d21b32fac2fd32e59aeadfce6bc1cb

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in node-sass-v4.12.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 (Medium) detected in node-sass-v4.12.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Addresss of CSS for Font wrong

Currently 404s trying to use absolute path

Change assets to be static for prod builds rather than referencing image links

Compare cloudflare with cloudfront

https://www.terraform.io/docs/providers/cloudflare/index.html

CVE-2018-19827 (High) detected in node-sass-4.14.1.tgz, node-sassv4.13.1

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz, node-sassv4.13.1

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

node-sass-chokidar-1.5.0.tgz (Root Library)
- ❌ node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Found in base branch: master

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/releases/tag/3.6.0

Release Date: 2018-12-03

Fix Resolution: libsass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

Work out list colors

CVE-2018-11697 (High) detected in node-sassv4.13.1, CSS::Sassv3.6.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries - node-sassv4.13.1, CSS::Sassv3.6.0

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/releases/tag/3.6.0

Release Date: 2018-06-04

Fix Resolution: libsass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

Dependabot couldn't find a <anything>.tf for this project

Dependabot couldn't find a .tf for this project.

Dependabot requires a .tf to evaluate your project's current Terraform dependencies. It had expected to find one at the path: /terraform/<anything>.tf.

If this isn't a Terraform project, or if it is a library, you may wish to disable updates for it from within Dependabot.

You can mention @dependabot in the comments below to contact the Dependabot team.

CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/node-gyp/node_modules/tar/package.json

Dependency Hierarchy:

node-sass-chokidar-1.3.5.tgz (Root Library)
- node-sass-4.12.0.tgz
  - node-gyp-3.8.0.tgz
    - ❌ tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 9a521721bc8f6bc5e55c71e9f7538a1ce10d8656

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: v4.4.2

Step up your Open Source Security Game with WhiteSource here

Add standard js badge

Font too small

Embedded ascii cinema for demos

WS-2019-0063 (High) detected in js-yaml-3.12.1.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.12.1.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.1.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/js-yaml/package.json

Dependency Hierarchy:

react-scripts-2.1.5.tgz (Root Library)
- eslint-5.12.0.tgz
  - ❌ js-yaml-3.12.1.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 (Medium) detected in node-sass-v4.12.0

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

use # links so refresh doesn't break

Temporary until I have a nodejs backend

Fix 404 page from "Something has gone wrong"

CVE-2018-11695 (High) detected in node-sass-4.13.0.tgz

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sass-4.13.0.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.0.tgz

Path to dependency file: tyhal.com/package.json

Path to vulnerable library: tyhal.com/node_modules/node-sass/package.json

Dependency Hierarchy:

node-sass-chokidar-1.4.0.tgz (Root Library)
- ❌ node-sass-4.13.0.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Found in base branch: master

Vulnerability Details

An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: sass/libsass#2664

Release Date: 2018-06-04

Fix Resolution: Libsass:3.5.3, Node-sass:4.9.0

Step up your Open Source Security Game with WhiteSource here

Make github pages CI job to show hosting for free

Currently the only cost for me is the domain management, if you are ok with not being able to choose it then 👌

CVE-2018-20821 (Medium) detected in node-sass-v4.12.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 (Medium) detected in node-sass-v4.12.0

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

WS-2019-0064 (High) detected in handlebars-4.1.0.tgz

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-4.1.0.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.0.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/handlebars/package.json

Dependency Hierarchy:

react-scripts-2.1.5.tgz (Root Library)
- jest-23.6.0.tgz
  - jest-cli-23.6.0.tgz
    - istanbul-api-1.3.7.tgz
      - istanbul-reports-1.5.1.tgz
        
        ❌ handlebars-4.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-04-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Step up your Open Source Security Game with WhiteSource here

WS-2019-0047 (Medium) detected in tar-2.2.1.tgz

WS-2019-0047 - Medium Severity Vulnerability

Vulnerable Library - tar-2.2.1.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/npm/node_modules/node-gyp/node_modules/tar/package.json

Dependency Hierarchy:

npm-6.9.0.tgz (Root Library)
- node-gyp-3.8.0.tgz
  - ❌ tar-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Vulnerability Details

Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.

Publish Date: 2019-04-05

URL: WS-2019-0047

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/803

Release Date: 2019-04-05

Fix Resolution: 4.4.2

Step up your Open Source Security Game with WhiteSource here

HTTPS using cloudfront

CVE-2018-20822 (Medium) detected in node-sass-v4.12.0

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Account Ranking

Like Steam Showcases but to consolidate accounts that have progress

Duolingo:
https://www.duolingo.com/2017-06-30/users?username=

CodinGame
Github
Kaggle

WS-2018-0236 (Medium) detected in mem-1.1.0.tgz

WS-2018-0236 - Medium Severity Vulnerability

Vulnerable Library - mem-1.1.0.tgz

Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input

Library home page: https://registry.npmjs.org/mem/-/mem-1.1.0.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/npm/node_modules/mem/package.json

Dependency Hierarchy:

npm-6.10.0.tgz (Root Library)
- libnpx-10.2.0.tgz
  - yargs-11.0.0.tgz
    - os-locale-2.1.0.tgz
      - ❌ mem-1.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 2184255eb9c4f417b3cf268fd7294259c52fcbb9

Vulnerability Details

In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.

Publish Date: 2019-05-30

URL: WS-2018-0236

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1623744

Release Date: 2019-05-30

Fix Resolution: 4.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-10746 (High) detected in mixin-deep-1.3.1.tgz

CVE-2019-10746 - High Severity Vulnerability

Vulnerable Library - mixin-deep-1.3.1.tgz

Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.

Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/mixin-deep/package.json

Dependency Hierarchy:

node-sass-chokidar-1.3.5.tgz (Root Library)
- chokidar-2.0.4.tgz
  - braces-2.3.2.tgz
    - snapdragon-0.8.2.tgz
      - base-0.11.2.tgz
        
        ❌ mixin-deep-1.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 294ccdde56fee06e542a5cf23a87355e8341b56f

Vulnerability Details

mixin-deep before 1.3.2 is vulnerable to Prototype Pollution.

Publish Date: 2019-07-11

URL: CVE-2019-10746

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jonschlinkert/mixin-deep@8f464c8

Release Date: 2019-07-11

Fix Resolution: 1.3.2

Step up your Open Source Security Game with WhiteSource here

Mobile Viewport

CVE-2018-11698 (High) detected in node-sass-4.14.1.tgz, node-sassv4.13.1

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz, node-sassv4.13.1

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

node-sass-chokidar-1.5.0.tgz (Root Library)
- ❌ node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Found in base branch: master

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/releases/tag/3.5.5

Release Date: 2018-06-04

Fix Resolution: libsass - 3.5.5;node-sass - 4.14.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in node-sassv4.13.1

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sassv4.13.1

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Found in base branch: master

Vulnerable Source Files (1)

/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/releases/tag/3.6.0

Release Date: 2018-05-26

Fix Resolution: libsass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-13173 (High) detected in fstream-1.0.11.tgz

CVE-2019-13173 - High Severity Vulnerability

Vulnerable Library - fstream-1.0.11.tgz

Advanced file system stream things

Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz

Path to dependency file: /tyhal.com/package.json

Path to vulnerable library: /tmp/git/tyhal.com/node_modules/npm/node_modules/fstream/package.json

Dependency Hierarchy:

npm-6.9.2.tgz (Root Library)
- node-gyp-3.8.0.tgz
  - ❌ fstream-1.0.11.tgz (Vulnerable Library)

Found in HEAD commit: 58f9e00203d21b32fac2fd32e59aeadfce6bc1cb

Vulnerability Details

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.

Publish Date: 2019-07-02

URL: CVE-2019-13173

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13173

Release Date: 2019-07-02

Fix Resolution: 1.0.12

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19838 (Medium) detected in node-sass-v4.12.0

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 23bce4da7dd489875a9f77f29a81dae4f845a4ef

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/tyhal.com/node_modules/node-sass/src/libsass/src/expand.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/output.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/util.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/base.h
/tyhal.com/node_modules/node-sass/src/libsass/src/position.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operation.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.hpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.cpp
/tyhal.com/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/error_handling.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/emitter.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/output.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/paths.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.cpp
/tyhal.com/node_modules/node-sass/src/libsass/test/test_unification.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_util.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.h
/tyhal.com/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/json.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/units.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8/checked.h
/tyhal.com/node_modules/node-sass/src/libsass/src/listize.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/string.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/prelexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/context.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.h
/tyhal.com/node_modules/node-sass/src/libsass/include/sass2scss.h
/tyhal.com/node_modules/node-sass/src/libsass/src/eval.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/expand.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/factory.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/boolean.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/source_map.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/value.h
/tyhal.com/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/tyhal.com/node_modules/node-sass/src/callback_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/node.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/operators.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/parser.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/constants.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/list.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cssize.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/functions.h
/tyhal.com/node_modules/node-sass/src/libsass/src/util.cpp
/tyhal.com/node_modules/node-sass/src/custom_function_bridge.cpp
/tyhal.com/node_modules/node-sass/src/custom_importer_bridge.h
/tyhal.com/node_modules/node-sass/src/libsass/src/bind.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/inspect.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/backtrace.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/extend.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/tyhal.com/node_modules/node-sass/src/libsass/src/debugger.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/cencode.c
/tyhal.com/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/number.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/color.h
/tyhal.com/node_modules/node-sass/src/libsass/src/c99func.c
/tyhal.com/node_modules/node-sass/src/libsass/src/position.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_values.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/values.h
/tyhal.com/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/tyhal.com/node_modules/node-sass/src/sass_types/null.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/ast.cpp
/tyhal.com/node_modules/node-sass/src/libsass/include/sass/context.h
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/color_maps.hpp
/tyhal.com/node_modules/node-sass/src/sass_context_wrapper.cpp
/tyhal.com/node_modules/node-sass/src/libsass/script/test-leaks.pl
/tyhal.com/node_modules/node-sass/src/libsass/src/lexer.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_c.hpp
/tyhal.com/node_modules/node-sass/src/sass_types/map.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/to_value.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/b64/encode.h
/tyhal.com/node_modules/node-sass/src/libsass/src/file.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/environment.hpp
/tyhal.com/node_modules/node-sass/src/libsass/src/plugins.hpp
/tyhal.com/node_modules/node-sass/src/binding.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/sass_context.cpp
/tyhal.com/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

tyhal / tyhal.com Goto Github PK

tyhal.com's People

Contributors

Stargazers

Watchers

Forkers

tyhal.com's Issues

CVE-2019-6283 - Medium Severity Vulnerability

Dependency

Security

Whats missing?

Other notes

Synk Dependency Update Notes

WS-2019-0019 - Medium Severity Vulnerability

WS-2019-0100 - Medium Severity Vulnerability

CVE-2018-11694 - High Severity Vulnerability

WS-2019-0032 - Medium Severity Vulnerability

CVE-2018-19826 - Medium Severity Vulnerability

CVE-2018-11693 - High Severity Vulnerability

CVE-2018-19839 - Medium Severity Vulnerability

CVE-2019-10744 - High Severity Vulnerability

CVE-2018-19797 - Medium Severity Vulnerability

CVE-2018-20190 - Medium Severity Vulnerability

CVE-2018-19827 - High Severity Vulnerability

CVE-2018-11697 - High Severity Vulnerability

CVE-2018-20834 - High Severity Vulnerability

WS-2019-0063 - High Severity Vulnerability

CVE-2019-6284 - Medium Severity Vulnerability

CVE-2018-11695 - High Severity Vulnerability

CVE-2018-20821 - Medium Severity Vulnerability

CVE-2019-6286 - Medium Severity Vulnerability

WS-2019-0064 - High Severity Vulnerability

WS-2019-0047 - Medium Severity Vulnerability

CVE-2018-20822 - Medium Severity Vulnerability

WS-2018-0236 - Medium Severity Vulnerability

CVE-2019-10746 - High Severity Vulnerability

CVE-2018-11698 - High Severity Vulnerability

CVE-2018-11499 - High Severity Vulnerability

CVE-2019-13173 - High Severity Vulnerability

CVE-2018-19838 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs