codekin.tech's Introduction

☠️ archived

Check out my latest work here: https://veritem.me

codekin

My programming garden on the internet

Maintainers

Licence

This project is under the MIT licence

codekin.tech's People

Contributors

  • dependabot[bot]
  • github-actions[bot]
  • hirwablessing
  • mend-bolt-for-github[bot]
  • renovate-bot
  • veritem

codekin.tech's Issues

CVE-2021-23382 (Medium) detected in postcss-6.0.23.tgz

CVE-2021-23382 - Medium Severity Vulnerability

Vulnerable Library - postcss-6.0.23.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz

Path to dependency file: codekin.tech/package.json

Path to vulnerable library: codekin.tech/node_modules/postcss-functions/node_modules/postcss/package.json

Dependency Hierarchy:

  • tailwindcss-2.1.4.tgz (Root Library)
    • postcss-functions-3.0.0.tgz
      • postcss-6.0.23.tgz (Vulnerable Library)

Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df

Found in base branch: main

Vulnerability Details

The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).

Publish Date: 2021-04-26

URL: CVE-2021-23382

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382

Release Date: 2021-04-26

Fix Resolution: postcss - 8.2.13

CVE-2020-7753 (High) detected in trim-0.0.1.tgz

CVE-2020-7753 - High Severity Vulnerability

Vulnerable Library - trim-0.0.1.tgz

Trim string whitespace

Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz

Path to dependency file: codekin.tech/package.json

Path to vulnerable library: codekin.tech/node_modules/trim/package.json

Dependency Hierarchy:

  • loader-1.6.22.tgz (Root Library)
    • mdx-1.6.22.tgz
      • remark-parse-8.0.3.tgz
        • trim-0.0.1.tgz (Vulnerable Library)

Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df

Found in base branch: main

Vulnerability Details

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

Publish Date: 2020-10-27

URL: CVE-2020-7753

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: component/trim#8

Release Date: 2020-10-27

Fix Resolution: trim - 0.0.3

CVE-2021-32723 (Medium) detected in prismjs-1.23.0.tgz

CVE-2021-32723 - Medium Severity Vulnerability

Vulnerable Library - prismjs-1.23.0.tgz

Lightweight, robust, elegant syntax highlighting. A spin-off project from Dabblet.

Library home page: https://registry.npmjs.org/prismjs/-/prismjs-1.23.0.tgz

Path to dependency file: codekin.tech/package.json

Path to vulnerable library: codekin.tech/node_modules/mdx-prism/node_modules/prismjs/package.json

Dependency Hierarchy:

  • mdx-prism-0.3.3.tgz (Root Library)
    • refractor-3.3.0.tgz
      • prismjs-1.23.0.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.

Publish Date: 2021-06-28

URL: CVE-2021-32723

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-gj77-59wh-66hg

Release Date: 2021-06-28

Fix Resolution: prismjs - 1.24.0

CVE-2020-28469 (High) detected in glob-parent-2.0.0.tgz

CVE-2020-28469 - High Severity Vulnerability

Vulnerable Library - glob-parent-2.0.0.tgz

Strips glob magic from a string to provide the parent path

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz

Path to dependency file: codekin.tech/package.json

Path to vulnerable library: codekin.tech/node_modules/glob-base/node_modules/glob-parent/package.json

Dependency Hierarchy:

  • jit-0.1.18.tgz (Root Library)
    • parse-glob-3.0.4.tgz
      • glob-base-0.3.0.tgz
        • glob-parent-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df

Found in base branch: main

Vulnerability Details

This affects the package glob-parent before 5.1.2. The issue is in the enclosure regex used to check for strings ending in an enclosure that contains a path separator.

Publish Date: 2021-06-03

URL: CVE-2020-28469

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469

Release Date: 2021-06-03

Fix Resolution: glob-parent - 5.1.2

WS-2021-0154 (Medium) detected in glob-parent-2.0.0.tgz

WS-2021-0154 - Medium Severity Vulnerability

Vulnerable Library - glob-parent-2.0.0.tgz

Strips glob magic from a string to provide the parent path

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz

Path to dependency file: codekin.tech/package.json

Path to vulnerable library: codekin.tech/node_modules/glob-base/node_modules/glob-parent/package.json

Dependency Hierarchy:

  • jit-0.1.18.tgz (Root Library)
    • parse-glob-3.0.4.tgz
      • glob-base-0.3.0.tgz
        • glob-parent-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 97f904496220a079745bf198bb4cb1bcc34d59df

Found in base branch: main

Vulnerability Details

Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.

Publish Date: 2021-01-27

URL: WS-2021-0154

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2

Release Date: 2021-01-27

Fix Resolution: glob-parent - 5.1.2
