udsm-dhis2-lab / iassignment Goto Github PK

License: GNU Lesser General Public License v3.0

JavaScript 3.19% TypeScript 81.29% HTML 2.51% CSS 9.72% SCSS 3.29%

iassignment's Introduction

Assignment App

DHIS2 application built for assigning various metadata including organisation units, data sets, programs etc. Aiming in simplifying the activity of assigning multiple metadata at once.

Prerequisites

Make sure your environment has the following

NodeJs (16 or higher)

Angular CLI v17 or higher

git

Installation

Clone the repository from Git

git clone https://github.com/udsm-dhis2-lab/iassignment.git

Navigate to application root folder

cd iassignment

Install all required dependencies for the app.

npm install

yarn install

Development server

Execute the following command to run the application.

npm start

yarn start

Navigate to http://localhost:4200.

NOTE: This command will require proxy-config.json file available in the root of your source code, usually this file has this format.

{
  "/api": {
    "target": "http://localhost:4200/dhis/",
    "secure": "false",
    "auth": "username:password",
    "changeOrigin": true
  },
  "/": {
    "target": "http://localhost:4200/dhis/",
    "secure": "false",
    "auth": "username:password",
    "changeOrigin": true
  }
}

We have provided proxy-config.example.json file as an example, make a copy and rename to proxy-config.json

Build

To build the application, run

npm run build

yarn build

The build artifacts will be stored in the dist/, this will include a zip file ready for deploying to any DHIS2 instance..

Further help

To get more help on the Angular CLI use ng help or go check out the Angular CLI Overview and Command Reference page.

iassignment's People

Contributors

Stargazers

Watchers

Forkers

hispsa uonafya martinakraus

iassignment's Issues

loading interactive assignments app fails on 2.40.3(dhis2)

Current Behavior:
This happens when you land on the app.

Step(s) to replicate:
Goto/Open Interactive Assignments app

Additional info:

Fails on dhis2 version: 2.40.3
Works as it should on version 2.38.3.1

CVE-2018-19838 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11693 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11693

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.5.5

Step up your Open Source Security Game with WhiteSource here

Supports offline storage for assignments

WS-2017-0421 (High) detected in ws-1.1.5.tgz, ws-1.1.2.tgz

WS-2017-0421 - High Severity Vulnerability

Vulnerable Libraries - ws-1.1.5.tgz, ws-1.1.2.tgz

ws-1.1.5.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/webdriver-js-extender/node_modules/ws/package.json

Dependency Hierarchy:

protractor-5.3.2.tgz (Root Library)
- webdriver-js-extender-1.0.0.tgz
  - selenium-webdriver-2.53.3.tgz
    - ❌ ws-1.1.5.tgz (Vulnerable Library)

ws-1.1.2.tgz

simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455

Library home page: https://registry.npmjs.org/ws/-/ws-1.1.2.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/engine.io-client/node_modules/ws/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - engine.io-1.8.3.tgz
    - ❌ ws-1.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Affected version of ws (0.2.6--3.3.0) are vulnerable to A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

Publish Date: 2017-11-08

URL: WS-2017-0421

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/550/versions

Release Date: 2019-01-24

Fix Resolution: 3.3.1

Step up your Open Source Security Game with WhiteSource here

Include program count on assignment

Enable re-assign all for a entire column at hover

CVE-2018-11697 (High) detected in node-sass-v4.11.0, CSS::Sass-v3.6.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0103 (Medium) detected in handlebars-4.0.12.tgz

WS-2019-0103 - Medium Severity Vulnerability

Vulnerable Library - handlebars-4.0.12.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.12.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/handlebars/package.json

Dependency Hierarchy:

build-angular-0.6.8.tgz (Root Library)
- istanbul-0.4.5.tgz
  - ❌ handlebars-4.0.12.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Publish Date: 2019-05-30

URL: WS-2019-0103

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: handlebars-lang/handlebars.js@edc6220

Release Date: 2019-05-30

Fix Resolution: 4.1.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19826 (Medium) detected in node-sass-v4.11.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (4)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/binding.cpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.cpp

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19826

Release Date: 2019-09-01

Fix Resolution: Replace or update the following file: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190

Release Date: 2018-12-17

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 (High) detected in opennms-opennms-source-23.0.0-1, CSS::Sass-v3.6.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: sass/libsass#2784

Release Date: 2019-08-29

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14042 (Medium) detected in bootstrap-4.0.0-beta.2.tgz

CVE-2018-14042 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-4.0.0-beta.2.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.0.0-beta.2.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /iassignments/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-4.0.0-beta.2.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042

Release Date: 2018-07-13

Fix Resolution: 4.1.2

Step up your Open Source Security Game with WhiteSource here

WS-2019-0032 (Medium) detected in js-yaml-3.12.0.tgz

WS-2019-0032 - Medium Severity Vulnerability

Vulnerable Library - js-yaml-3.12.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.0.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/js-yaml/package.json

Dependency Hierarchy:

tslint-5.9.1.tgz (Root Library)
- ❌ js-yaml-3.12.0.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Publish Date: 2019-03-26

URL: WS-2019-0032

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/788/versions

Release Date: 2019-03-26

Fix Resolution: 3.13.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/tar/package.json

Dependency Hierarchy:

build-angular-0.6.8.tgz (Root Library)
- node-sass-4.12.0.tgz
  - node-gyp-3.8.0.tgz
    - ❌ tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: v4.4.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14040 (Medium) detected in bootstrap-4.0.0-beta.2.tgz

CVE-2018-14040 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-4.0.0-beta.2.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.0.0-beta.2.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /iassignments/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-4.0.0-beta.2.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Release Date: 2018-07-13

Fix Resolution: 4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0063 (High) detected in js-yaml-3.12.0.tgz

WS-2019-0063 - High Severity Vulnerability

Vulnerable Library - js-yaml-3.12.0.tgz

YAML 1.2 parser and serializer

Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.0.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/js-yaml/package.json

Dependency Hierarchy:

tslint-5.9.1.tgz (Root Library)
- ❌ js-yaml-3.12.0.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.

Publish Date: 2019-04-30

URL: WS-2019-0063

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/813

Release Date: 2019-04-30

Fix Resolution: 3.13.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-1002204 (Medium) detected in adm-zip-0.4.4.tgz

CVE-2018-1002204 - Medium Severity Vulnerability

Vulnerable Library - adm-zip-0.4.4.tgz

A Javascript implementation of zip for nodejs. Allows user to create or extract zip files both in memory or to/from disk

Library home page: https://registry.npmjs.org/adm-zip/-/adm-zip-0.4.4.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/adm-zip/package.json

Dependency Hierarchy:

protractor-5.3.2.tgz (Root Library)
- webdriver-js-extender-1.0.0.tgz
  - selenium-webdriver-2.53.3.tgz
    - ❌ adm-zip-0.4.4.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.

Publish Date: 2018-07-25

URL: CVE-2018-1002204

CVSS 3 Score Details (5.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-1002204

Release Date: 2018-07-25

Fix Resolution: 0.4.9

Step up your Open Source Security Game with WhiteSource here

WS-2019-0019 (Medium) detected in braces-1.8.5.tgz, braces-0.1.5.tgz

WS-2019-0019 - Medium Severity Vulnerability

Vulnerable Libraries - braces-1.8.5.tgz, braces-0.1.5.tgz

braces-1.8.5.tgz

Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.

Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/karma/node_modules/braces/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- chokidar-1.7.0.tgz
  - anymatch-1.3.2.tgz
    - micromatch-2.3.11.tgz
      - ❌ braces-1.8.5.tgz (Vulnerable Library)

braces-0.1.5.tgz

Fastest brace expansion lib. Typically used with file paths, but can be used with any string. Expands comma-separated values (e.g. `foo/{a,b,c}/bar`) and alphabetical or numerical ranges (e.g. `{1..9}`)

Library home page: https://registry.npmjs.org/braces/-/braces-0.1.5.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/expand-braces/node_modules/braces/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- expand-braces-0.1.2.tgz
  - ❌ braces-0.1.5.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.

Publish Date: 2019-03-25

URL: WS-2019-0019

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/786

Release Date: 2019-02-21

Fix Resolution: 2.3.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-1010266 (Medium) detected in lodash-3.10.1.tgz

CVE-2019-1010266 - Medium Severity Vulnerability

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/karma/node_modules/lodash/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

Publish Date: 2019-07-17

URL: CVE-2019-1010266

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266

Release Date: 2019-07-17

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

Add support for level selection of organisation unit to assign

Include dataset count on data assignment

CVE-2018-11694 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694

Release Date: 2018-06-04

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19839 (Medium) detected in CSS::Sass-v3.6.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - CSS::Sassv3.6.0

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (63)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/color_maps.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_util.hpp
/iassignments/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
/iassignments/node_modules/node-sass/src/libsass/src/output.hpp
/iassignments/node_modules/node-sass/src/libsass/src/b64/cencode.h
/iassignments/node_modules/node-sass/src/libsass/src/source_map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.hpp
/iassignments/node_modules/node-sass/src/libsass/src/lexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/utf8.h
/iassignments/node_modules/node-sass/src/libsass/test/test_node.cpp
/iassignments/node_modules/node-sass/src/libsass/src/utf8_string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/plugins.cpp
/iassignments/node_modules/node-sass/src/libsass/src/node.hpp
/iassignments/node_modules/node-sass/src/libsass/include/sass/base.h
/iassignments/node_modules/node-sass/src/libsass/src/json.hpp
/iassignments/node_modules/node-sass/src/libsass/src/environment.cpp
/iassignments/node_modules/node-sass/src/libsass/src/position.hpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.hpp
/iassignments/node_modules/node-sass/src/libsass/src/subset_map.hpp
/iassignments/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.hpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
/iassignments/node_modules/node-sass/src/libsass/contrib/plugin.cpp
/iassignments/node_modules/node-sass/src/libsass/src/utf8/core.h
/iassignments/node_modules/node-sass/src/libsass/include/sass/functions.h
/iassignments/node_modules/node-sass/src/libsass/test/test_superselector.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/utf8_string.hpp
/iassignments/node_modules/node-sass/src/libsass/src/node.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cencode.c
/iassignments/node_modules/node-sass/src/libsass/src/subset_map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/base64vlq.cpp
/iassignments/node_modules/node-sass/src/libsass/src/listize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/c99func.c
/iassignments/node_modules/node-sass/src/libsass/src/position.cpp
/iassignments/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
/iassignments/node_modules/node-sass/src/libsass/include/sass/values.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_functions.hpp
/iassignments/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass2scss.cpp
/iassignments/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
/iassignments/node_modules/node-sass/src/libsass/src/paths.hpp
/iassignments/node_modules/node-sass/src/libsass/include/sass/context.h
/iassignments/node_modules/node-sass/src/libsass/src/color_maps.hpp
/iassignments/node_modules/node-sass/src/libsass/test/test_unification.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_util.cpp
/iassignments/node_modules/node-sass/src/libsass/script/test-leaks.pl
/iassignments/node_modules/node-sass/src/libsass/src/source_map.hpp
/iassignments/node_modules/node-sass/src/libsass/src/lexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
/iassignments/node_modules/node-sass/src/libsass/src/json.cpp
/iassignments/node_modules/node-sass/src/libsass/src/units.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.hpp
/iassignments/node_modules/node-sass/src/libsass/src/units.hpp
/iassignments/node_modules/node-sass/src/libsass/src/b64/encode.h
/iassignments/node_modules/node-sass/src/libsass/src/file.hpp
/iassignments/node_modules/node-sass/src/libsass/src/environment.hpp
/iassignments/node_modules/node-sass/src/libsass/src/utf8/checked.h
/iassignments/node_modules/node-sass/src/libsass/src/plugins.hpp
/iassignments/node_modules/node-sass/src/libsass/src/listize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/debug.hpp
/iassignments/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5

Step up your Open Source Security Game with WhiteSource here

Selecting org unit level put level name in the assignment list instead of orgunits for that level

Current Behavior
Assignment list is showing this

WHEN selection is this

Expected Behavior

Step to replicate

Open organisation unit selection
Choose org unit level options the select any level
Make sure there is any org unit selected then update to see results

CVE-2018-16487 (High) detected in lodash-3.10.1.tgz

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/karma/node_modules/lodash/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

CVE-2018-14041 (Medium) detected in bootstrap-4.0.0-beta.2.tgz

CVE-2018-14041 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-4.0.0-beta.2.tgz

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.0.0-beta.2.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /iassignments/node_modules/bootstrap/package.json

Dependency Hierarchy:

❌ bootstrap-4.0.0-beta.2.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.

Publish Date: 2018-07-13

URL: CVE-2018-14041

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14041

Release Date: 2019-06-12

Fix Resolution: 4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11695 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695

Release Date: 2018-06-04

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6284 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 (High) detected in opennms-opennms-source-23.0.0-1

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in opennms-opennms-source-23.0.0-1, CSS::Sass-v3.6.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 (Medium) detected in opennms-opennms-source-23.0.0-1, node-sass-v4.11.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821

Release Date: 2019-04-23

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0064 (High) detected in handlebars-4.0.12.tgz

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-4.0.12.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.12.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/handlebars/package.json

Dependency Hierarchy:

build-angular-0.6.8.tgz (Root Library)
- istanbul-0.4.5.tgz
  - ❌ handlebars-4.0.12.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-04-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2018-3721 (Medium) detected in lodash-3.10.1.tgz

CVE-2018-3721 - Medium Severity Vulnerability

Vulnerable Library - lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/karma/node_modules/lodash/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.

Publish Date: 2018-06-07

URL: CVE-2018-3721

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Release Date: 2018-06-07

Fix Resolution: 4.17.5

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6283 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

Remove additional row that appears on organisation unit level or group selection

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.

CVE-2019-11358 (Medium) detected in jquery-3.3.1.tgz

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-3.3.1.tgz

JavaScript library for DOM operations

Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /iassignments/node_modules/jquery/package.json

Dependency Hierarchy:

❌ jquery-3.3.1.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js

Step up your Open Source Security Game with WhiteSource here

Add notifications on background activities on performed by the app

CVE-2019-10744 (High) detected in lodash-3.10.1.tgz, lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Libraries - lodash-3.10.1.tgz, lodash-4.17.11.tgz

lodash-3.10.1.tgz

The modern build of lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/karma/node_modules/lodash/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)

lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /iassignments/node_modules/lodash/package.json

Dependency Hierarchy:

❌ lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Publish Date: 2019-07-26

URL: CVE-2019-10744

CVSS 3 Score Details (9.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here

Add support for facilities included under organisation unit group selection

Listing counts of assigned data sets and programs for organisation units

Is your feature request related to a problem? Please describe.
As a user, I want to be able to see counts of assigned datasets and programs for the organisation unit

Describe the solution you'd like
user should be able to see counts of assigned data sets and programs in next column after the organisation unit list

CVE-2017-16113 (High) detected in parsejson-0.0.3.tgz

CVE-2017-16113 - High Severity Vulnerability

Vulnerable Library - parsejson-0.0.3.tgz

Method that parses a JSON string and returns a JSON object

Library home page: https://registry.npmjs.org/parsejson/-/parsejson-0.0.3.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/parsejson/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - socket.io-client-1.7.3.tgz
    - engine.io-client-1.8.3.tgz
      - ❌ parsejson-0.0.3.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.

Publish Date: 2018-06-07

URL: CVE-2017-16113

CVSS 3 Score Details (7.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Reduced application size

CVE-2018-20822 (Medium) detected in opennms-opennms-source-23.0.0-1

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-23.0.0-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Library Source Files (62)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

/iassignments/node_modules/node-sass/src/libsass/src/expand.hpp
/iassignments/node_modules/node-sass/src/libsass/src/expand.cpp
/iassignments/node_modules/node-sass/src/sass_types/factory.cpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.cpp
/iassignments/node_modules/node-sass/src/libsass/src/util.hpp
/iassignments/node_modules/node-sass/src/sass_types/value.h
/iassignments/node_modules/node-sass/src/libsass/src/emitter.hpp
/iassignments/node_modules/node-sass/src/callback_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/file.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass.cpp
/iassignments/node_modules/node-sass/src/libsass/src/operation.hpp
/iassignments/node_modules/node-sass/src/libsass/src/operators.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.hpp
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.hpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.cpp
/iassignments/node_modules/node-sass/src/libsass/src/parser.hpp
/iassignments/node_modules/node-sass/src/libsass/src/constants.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.cpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.hpp
/iassignments/node_modules/node-sass/src/libsass/src/util.cpp
/iassignments/node_modules/node-sass/src/custom_function_bridge.cpp
/iassignments/node_modules/node-sass/src/custom_importer_bridge.h
/iassignments/node_modules/node-sass/src/libsass/src/bind.cpp
/iassignments/node_modules/node-sass/src/libsass/src/eval.hpp
/iassignments/node_modules/node-sass/src/libsass/src/backtrace.cpp
/iassignments/node_modules/node-sass/src/libsass/src/extend.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.h
/iassignments/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
/iassignments/node_modules/node-sass/src/libsass/src/error_handling.cpp
/iassignments/node_modules/node-sass/src/libsass/src/debugger.hpp
/iassignments/node_modules/node-sass/src/libsass/src/emitter.cpp
/iassignments/node_modules/node-sass/src/sass_types/number.cpp
/iassignments/node_modules/node-sass/src/sass_types/color.h
/iassignments/node_modules/node-sass/src/libsass/src/sass_values.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.hpp
/iassignments/node_modules/node-sass/src/libsass/src/output.cpp
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.cpp
/iassignments/node_modules/node-sass/src/sass_types/null.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
/iassignments/node_modules/node-sass/src/libsass/src/functions.cpp
/iassignments/node_modules/node-sass/src/libsass/src/cssize.hpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.cpp
/iassignments/node_modules/node-sass/src/libsass/src/ast.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_c.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.hpp
/iassignments/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
/iassignments/node_modules/node-sass/src/libsass/src/inspect.hpp
/iassignments/node_modules/node-sass/src/sass_types/color.cpp
/iassignments/node_modules/node-sass/src/libsass/src/values.cpp
/iassignments/node_modules/node-sass/src/sass_context_wrapper.cpp
/iassignments/node_modules/node-sass/src/sass_types/list.h
/iassignments/node_modules/node-sass/src/libsass/src/check_nesting.hpp
/iassignments/node_modules/node-sass/src/sass_types/map.cpp
/iassignments/node_modules/node-sass/src/libsass/src/to_value.cpp
/iassignments/node_modules/node-sass/src/libsass/src/context.cpp
/iassignments/node_modules/node-sass/src/sass_types/string.cpp
/iassignments/node_modules/node-sass/src/libsass/src/sass_context.cpp
/iassignments/node_modules/node-sass/src/libsass/src/prelexer.hpp
/iassignments/node_modules/node-sass/src/libsass/src/context.hpp
/iassignments/node_modules/node-sass/src/sass_types/boolean.h
/iassignments/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822

Release Date: 2019-08-06

Fix Resolution: 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2017-0247 (Low) detected in ms-0.7.2.tgz, ms-0.7.1.tgz

WS-2017-0247 - Low Severity Vulnerability

Vulnerable Libraries - ms-0.7.2.tgz, ms-0.7.1.tgz

ms-0.7.2.tgz

Tiny milisecond conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/socket.io-client/node_modules/ms/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - engine.io-1.8.3.tgz
    - debug-2.3.3.tgz
      - ❌ ms-0.7.2.tgz (Vulnerable Library)

ms-0.7.1.tgz

Tiny ms conversion utility

Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/socket.io-parser/node_modules/ms/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - socket.io-parser-2.3.1.tgz
    - debug-2.2.0.tgz
      - ❌ ms-0.7.1.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2017-05-15

URL: WS-2017-0247

CVSS 2 Score Details (3.4)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: vercel/ms@305f2dd

Release Date: 2017-04-12

Fix Resolution: Replace or update the following file: index.js

Step up your Open Source Security Game with WhiteSource here

Enable assign all for a entire column at hover

CVE-2017-16137 (Medium) detected in debug-2.3.3.tgz, debug-2.2.0.tgz

CVE-2017-16137 - Medium Severity Vulnerability

Vulnerable Libraries - debug-2.3.3.tgz, debug-2.2.0.tgz

debug-2.3.3.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.3.3.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/socket.io/node_modules/debug/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - engine.io-1.8.3.tgz
    - ❌ debug-2.3.3.tgz (Vulnerable Library)

debug-2.2.0.tgz

small debugging utility

Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz

Path to dependency file: /iassignments/package.json

Path to vulnerable library: /tmp/git/iassignments/node_modules/socket.io-parser/node_modules/debug/package.json

Dependency Hierarchy:

karma-1.7.1.tgz (Root Library)
- socket.io-1.7.3.tgz
  - socket.io-parser-2.3.1.tgz
    - ❌ debug-2.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 8fa6633fa4980bf3e3e94e029af88fb1ecbfd963

Vulnerability Details

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.

Publish Date: 2018-06-07

URL: CVE-2017-16137

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Origin: debug-js/debug@42a6ae0

Release Date: 2017-09-21

Fix Resolution: Replace or update the following file: node.js

Step up your Open Source Security Game with WhiteSource here

udsm-dhis2-lab / iassignment Goto Github PK

iassignment's Introduction

Assignment App

Prerequisites

Installation

Development server

Build

Further help

iassignment's People

Contributors

Stargazers

Watchers

Forkers

iassignment's Issues

CVE-2018-19838 - Medium Severity Vulnerability

CVE-2018-11693 - High Severity Vulnerability

WS-2017-0421 - High Severity Vulnerability

CVE-2018-11697 - High Severity Vulnerability

WS-2019-0103 - Medium Severity Vulnerability

CVE-2018-19826 - Medium Severity Vulnerability

CVE-2018-20190 - Medium Severity Vulnerability

CVE-2018-19827 - High Severity Vulnerability

CVE-2018-14042 - Medium Severity Vulnerability

WS-2019-0032 - Medium Severity Vulnerability

CVE-2018-20834 - High Severity Vulnerability

CVE-2018-14040 - Medium Severity Vulnerability

CVE-2018-11499 - High Severity Vulnerability

CVE-2019-6286 - Medium Severity Vulnerability

WS-2019-0063 - High Severity Vulnerability

CVE-2018-1002204 - Medium Severity Vulnerability

WS-2019-0019 - Medium Severity Vulnerability

CVE-2019-1010266 - Medium Severity Vulnerability

CVE-2018-11694 - High Severity Vulnerability

CVE-2018-19839 - Medium Severity Vulnerability

CVE-2018-16487 - High Severity Vulnerability

CVE-2018-14041 - Medium Severity Vulnerability

CVE-2018-11695 - High Severity Vulnerability

CVE-2019-6284 - Medium Severity Vulnerability

CVE-2018-11698 - High Severity Vulnerability

CVE-2018-19797 - Medium Severity Vulnerability

CVE-2018-20821 - Medium Severity Vulnerability

WS-2019-0064 - High Severity Vulnerability

CVE-2018-3721 - Medium Severity Vulnerability

CVE-2019-6283 - Medium Severity Vulnerability

CVE-2019-11358 - Medium Severity Vulnerability

CVE-2019-10744 - High Severity Vulnerability

CVE-2017-16113 - High Severity Vulnerability

CVE-2018-20822 - Medium Severity Vulnerability

WS-2017-0247 - Low Severity Vulnerability

CVE-2017-16137 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org

Jobs