Author: Bervianto Leo Pratama
Submission for Belajar Membuat Aplikasi Back-End untuk Pemula.
This repo is meant to help you learn. Don't try to submit this as is; stop plagiarism!
Home Page: http://berviantoleo.github.io/SimpleBookselfAPI/
License: Mozilla Public License 2.0
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.8.2.tgz
Path to dependency file: SimpleBookselfAPI/package.json
Path to vulnerable library: SimpleBookselfAPI/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 13a5e9869b0f92b02f11da6b53cf7b30930268fe
Found in base branch: main
marked before 1.1.1 is vulnerable to Regular Expression Denial of Service (ReDoS). rules.js has multiple unused capture groups which can lead to a Denial of Service.
Publish Date: 2020-07-02
URL: WS-2020-0163
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/markedjs/marked/releases/tag/v1.1.1
Release Date: 2020-07-02
Fix Resolution: marked - 1.1.1
Step up your Open Source Security Game with WhiteSource here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 58fb7c8a100ae60cfe2ceda6b273cf2cee1952fa
Found in base branch: main
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Publish Date: 2022-01-14
URL: CVE-2022-21680
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-rrrm-qjm4-v8hf
Release Date: 2022-01-14
Fix Resolution (marked): 4.0.10
Direct dependency fix Resolution (typedoc): 0.22.11
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 58fb7c8a100ae60cfe2ceda6b273cf2cee1952fa
Found in base branch: main
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Publish Date: 2022-01-14
URL: CVE-2022-21681
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5v2h-r2cx-5xgj
Release Date: 2022-01-14
Fix Resolution (marked): 4.0.10
Direct dependency fix Resolution (typedoc): 0.22.11
Vulnerabilities
DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):
Occurrences
kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):
• jest:26.6.3
└─ @jest/core:26.6.3
└─ jest-haste-map:26.6.2
└─ sane:4.1.0
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ has-value:1.0.0
└─ has-values:1.0.0
└─ kind-of:4.0.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerabilities
DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):
Occurrences
kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):
• jest:26.6.3
└─ @jest/core:26.6.3
└─ jest-haste-map:26.6.2
└─ sane:4.1.0
└─ micromatch:3.1.10
└─ snapdragon:0.8.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ kind-of:5.1.0
Vulnerabilities
DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):
Occurrences
kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):
• jest:26.6.3
└─ @jest/core:26.6.3
└─ jest-haste-map:26.6.2
└─ sane:4.1.0
└─ micromatch:3.1.10
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ snapdragon-node:2.1.1
└─ snapdragon-util:3.0.1
└─ kind-of:3.2.2
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ has-value:1.0.0
└─ has-values:1.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ to-object-path:0.3.0
└─ kind-of:3.2.2
└─ class-utils:0.3.6
└─ static-extend:0.1.2
└─ object-copy:0.1.0
└─ kind-of:3.2.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ is-accessor-descriptor:0.1.6
└─ kind-of:3.2.2
└─ is-data-descriptor:0.1.4
└─ kind-of:3.2.2
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz
Path to dependency file: SimpleBookselfAPI/package.json
Path to vulnerable library: SimpleBookselfAPI/node_modules/normalize-url/package.json
Dependency Hierarchy:
Found in HEAD commit: d0aa7a84d6bad8c31eaff9cf09ba6c425d6f28ca
Found in base branch: main
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
Vulnerabilities
DepShield reports that this application's usage of ini:1.3.7 results in the following vulnerability(s):
Occurrences
ini:1.3.7 is a transitive dependency introduced by the following direct dependency(s):
• nodemon:2.0.7
└─ update-notifier:4.1.3
└─ is-installed-globally:0.3.2
└─ global-dirs:2.1.0
└─ ini:1.3.7
└─ latest-version:5.1.0
└─ package-json:6.5.0
└─ registry-auth-token:4.2.1
└─ rc:1.2.8
└─ ini:1.3.7
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz
Path to dependency file: SimpleBookselfAPI/package.json
Path to vulnerable library: SimpleBookselfAPI/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in HEAD commit: 3e739e182d57ee7d911dc915c85578454a9c3639
Found in base branch: main
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz
Path to dependency file: SimpleBookselfAPI/package.json
Path to vulnerable library: SimpleBookselfAPI/node_modules/underscore/package.json
Dependency Hierarchy:
Found in HEAD commit: 13a5e9869b0f92b02f11da6b53cf7b30930268fe
Found in base branch: main
The package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1,1.13.0-2
Vulnerabilities
DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):
Occurrences
lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):
• ts-jest:27.1.3
└─ lodash.memoize:4.1.2
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 58fb7c8a100ae60cfe2ceda6b273cf2cee1952fa
Found in base branch: main
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution (ansi-regex): 5.0.1
Direct dependency fix Resolution (jest): 27.1.0
Vulnerabilities
DepShield reports that this application's usage of ini:1.3.8 results in the following vulnerability(s):
Occurrences
ini:1.3.8 is a transitive dependency introduced by the following direct dependency(s):
• nodemon:2.0.15
└─ update-notifier:5.1.0
└─ latest-version:5.1.0
└─ package-json:6.5.0
└─ registry-auth-token:4.2.1
└─ rc:1.2.8
└─ ini:1.3.8
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: SimpleBookselfAPI/package.json
Path to vulnerable library: SimpleBookselfAPI/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: 3e739e182d57ee7d911dc915c85578454a9c3639
Found in base branch: main
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Base Score Metrics:
Type: Upgrade version
Origin: jbgutierrez/path-parse#8
Release Date: 2021-05-04
Fix Resolution: path-parse - 1.0.7
Vulnerabilities
DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• eslint:7.23.0
└─ table:6.0.9
└─ lodash.clonedeep:4.5.0
Vulnerabilities
DepShield reports that this application's usage of marked:0.8.2 results in the following vulnerability(s):
Occurrences
marked:0.8.2 is a transitive dependency introduced by the following direct dependency(s):
• jsdoc:3.6.6
└─ marked:0.8.2
Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz
Path to dependency file: SimpleBookselfAPI/package.json
Path to vulnerable library: SimpleBookselfAPI/node_modules/hosted-git-info/package.json,SimpleBookselfAPI/SimpleBookselfAPI/node_modules/hosted-git-info/package.json
Dependency Hierarchy:
Found in HEAD commit: a068a067a0f298b1953b7e06a81aa299d34d8e04
Found in base branch: main
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().
Publish Date: 2021-03-23
URL: CVE-2021-23362
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8
Release Date: 2021-03-23
Fix Resolution: hosted-git-info - 3.0.8
Vulnerabilities
DepShield reports that this application's usage of lodash.flatten:4.4.0 results in the following vulnerability(s):
Occurrences
lodash.flatten:4.4.0 is a transitive dependency introduced by the following direct dependency(s):
• eslint:7.23.0
└─ table:6.0.9
└─ lodash.flatten:4.4.0
Vulnerabilities
DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):
Occurrences
debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):
• eslint-plugin-import:2.22.1
└─ eslint-import-resolver-node:0.3.4
└─ debug:2.6.9
└─ eslint-module-utils:2.6.0
└─ debug:2.6.9
└─ debug:2.6.9
• jest:26.6.3
└─ @jest/core:26.6.3
└─ jest-haste-map:26.6.2
└─ sane:4.1.0
└─ micromatch:3.1.10
└─ extglob:2.0.4
└─ expand-brackets:2.1.4
└─ debug:2.6.9
└─ snapdragon:0.8.2
└─ debug:2.6.9
• nodemon:2.0.7
└─ undefsafe:2.0.3
└─ debug:2.6.9