acronym-decoder's Introduction

Drinketh from the Cup of Knowledge!

Whether you've been with your organization one day or one decade, we are all always running into terms and acronyms that we just don't get. Maybe it's an industry or line of business you're not too familiar with. Maybe it's an acronym that someone just made up and started using the other day. Maybe it's a typo!

Whatever it is, Acronym-Decoder (A-D!) aims to help you get through the alphabet soup. It's a fairly simple tool that highlights words that you have a definition for, then lets you pull up those definition(s) with a click of the mouse.

Run Local Server

  • Go here to download the latest version of Node.js. Follow the steps on the website to download the appropriate version for your machine.
  • Download this project by clicking 'Code' on the top right of the website, then click 'Download ZIP'. Follow the image for any further guidance necessary.
  • Open the project with your favorite text editor and enter the following commands in the terminal:
  • npm install
  • npm run build
  • Visit chrome://extensions in your Chrome browser.
  • Enable Developer mode and click Load unpacked, as seen in the image below.
  • Select the dist/ folder in your project directory.

Note: modifications to content-script files will require you to refresh the extension from chrome://extensions

Build

  • npm install
  • npm run build

Configuration

All of the configurable variables live within the config.json file. Change each property to suit your specific needs and shape how the app will look and function. The changes you make here will propagate throughout the app.

Setting up your terms and acronyms

Local Glossary:

You can set up your terms and acronyms by inserting them into the glossary.json file. The format of the file should stay the same as the example that lives in there currently. Make sure all your terms and acronyms match that format so the app can read them with no issues.

Remote Glossary:

You can also set up a database and backend and host your terms/acronyms on a server. This feature is off by default. Make sure to replace the lookupApiUrl in the config.json file with the server URL. You also need to make sure that the toggle for enableRemoteLookup is set to true in the config.json file to enable remote lookup. If for any reason the API fails, the app will fall back to the local glossary. Host permissions can optionally be added via the host_permissions attribute in the manifest.json file.
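As an added illustration (not the project's own code) of the remote-lookup-with-fallback behaviour described above: the two config.json keys are the README's, while the glossary shape, the query parameter, the function names and the sample values are assumptions made for this example.

```javascript
// Added example, not acronym-decoder's implementation. Shows how a lookup can
// honour enableRemoteLookup / lookupApiUrl from config.json and fall back to the
// local glossary.json whenever the remote API fails, times out, or returns junk.

// Constructed stand-in for config.json (keys from the README, values made up).
const config = {
  enableRemoteLookup: true,
  lookupApiUrl: "https://glossary.example.internal/api/lookup",
};

// Constructed stand-in for glossary.json. The real file's format is whatever
// the shipped example uses; term -> list of definitions is an assumption here.
const localGlossary = {
  "A-D": ["Acronym-Decoder"],
  "CLA": ["Contributor License Agreement"],
};

// Only accept an https:// lookup server. The extension sends every highlighted
// term to this endpoint, so a cleartext URL would leak the user's browsing
// vocabulary; the host should also appear under host_permissions in manifest.json.
function isAcceptableLookupUrl(url) {
  try {
    return new URL(url).protocol === "https:";
  } catch {
    return false; // not a parseable URL at all
  }
}

// Resolve `term` to { source: "remote" | "local", definitions: string[] }.
// `fetchImpl` is injectable so the fallback path can be exercised offline;
// `timeoutMs` bounds how long a slow or unreachable server can stall the popup.
async function lookupTerm(term, cfg, glossary, fetchImpl = globalThis.fetch, timeoutMs = 2000) {
  const local = { source: "local", definitions: glossary[term] ?? [] };
  if (!cfg.enableRemoteLookup) return local;            // feature is off by default
  if (!isAcceptableLookupUrl(cfg.lookupApiUrl)) return local;

  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const url = new URL(cfg.lookupApiUrl);
    url.searchParams.set("term", term);                  // assumed query parameter
    const res = await fetchImpl(url.toString(), { signal: controller.signal });
    if (!res.ok) return local;
    const body = await res.json();
    // Trust only the shape we expect (an array of strings); anything else is
    // treated as an API failure rather than rendered into the page.
    if (!Array.isArray(body) || !body.every((d) => typeof d === "string")) return local;
    return { source: "remote", definitions: body };
  } catch {
    return local; // network error, abort/timeout, or invalid JSON
  } finally {
    clearTimeout(timer);
  }
}

// Stand-alone demo: with remote lookup disabled the local glossary answers.
lookupTerm("CLA", { ...config, enableRemoteLookup: false }, localGlossary)
  .then((r) => console.log(r));
```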

Contributors:

We welcome your interest in Capital One’s Open Source Projects (the “Project”). Any Contributor to the project must accept and sign a CLA indicating agreement to the license terms. Except for the license granted in this CLA to Capital One and to recipients of software distributed by Capital One, you reserve all right, title, and interest in and to your contributions; this CLA does not impact your rights to use your own contributions for any other purpose.

Link to Individual CLA

Link to Corporate CLA

This project adheres to the Open Source Code of Conduct. By participating, you are expected to honor this code.

Modernization contributors:

@Frank Zhou

@Eric Li

@Samyak Jain

Project creators:

@Ahmad Ibrahim

@Basim Partovi

@Jason Yeomans

Troubleshooting

  • Having issues installing Acronym-Decoder?
  • Or for any other problems/questions:

Create an issue on our repo and let us know. We're always here to help!

License

Copyright 2021 - 2023 Capital One Services, LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

acronym-decoder's People

Contributors

amadib, baspartovi, dependabot[bot], ericliau1, fpmc1, mend-bolt-for-github[bot], mend-for-github-com[bot], ospo-capitalone, samyakjain11, snyk-bot, tmbjmu

acronym-decoder's Issues

node-sass-7.0.1.tgz: 4 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - node-sass-7.0.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/scss-tokenizer/package.json

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (node-sass version) Remediation Available
CVE-2022-25758 High 7.5 scss-tokenizer-0.3.0.tgz Transitive 7.0.2
CVE-2022-3517 High 7.5 minimatch-3.0.4.tgz Transitive N/A*
CVE-2022-25881 High 7.5 http-cache-semantics-4.1.0.tgz Transitive 7.0.2
CVE-2023-28155 Medium 6.1 request-2.88.2.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-25758

Vulnerable Library - scss-tokenizer-0.3.0.tgz

A tokenizer for Sass' SCSS syntax

Library home page: https://registry.npmjs.org/scss-tokenizer/-/scss-tokenizer-0.3.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/scss-tokenizer/package.json

Dependency Hierarchy:

  • node-sass-7.0.1.tgz (Root Library)
    • sass-graph-4.0.0.tgz
      • scss-tokenizer-0.3.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex.

Publish Date: 2022-07-01

URL: CVE-2022-25758

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7mwh-4pqv-wmr8

Release Date: 2022-07-01

Fix Resolution (scss-tokenizer): 0.4.3

Direct dependency fix Resolution (node-sass): 7.0.2

⛑️ Automatic Remediation is available for this issue

CVE-2022-3517

Vulnerable Library - minimatch-3.0.4.tgz

a glob matcher in javascript

Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz

Dependency Hierarchy:

  • node-sass-7.0.1.tgz (Root Library)
    • glob-7.2.0.tgz
      • minimatch-3.0.4.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Publish Date: 2022-10-17

URL: CVE-2022-3517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-17

Fix Resolution: minimatch - 3.0.5

CVE-2022-25881

Vulnerable Library - http-cache-semantics-4.1.0.tgz

Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies

Library home page: https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/http-cache-semantics/package.json

Dependency Hierarchy:

  • node-sass-7.0.1.tgz (Root Library)
    • node-gyp-8.4.1.tgz
      • make-fetch-happen-9.1.0.tgz
        • http-cache-semantics-4.1.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Publish Date: 2023-01-31

URL: CVE-2022-25881

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-25881

Release Date: 2023-01-31

Fix Resolution (http-cache-semantics): 4.1.1

Direct dependency fix Resolution (node-sass): 7.0.2

⛑️ Automatic Remediation is available for this issue

CVE-2023-28155

Vulnerable Library - request-2.88.2.tgz

Simplified HTTP request client.

Library home page: https://registry.npmjs.org/request/-/request-2.88.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

  • node-sass-7.0.1.tgz (Root Library)
    • request-2.88.2.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Publish Date: 2023-03-16

URL: CVE-2023-28155

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.


⛑️ Automatic Remediation is available for this issue.

crypto-browserify-3.12.0.tgz: 1 vulnerability (highest severity is: 6.5)

Vulnerable Library - crypto-browserify-3.12.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (crypto-browserify version) Remediation Possible**
CVE-2023-46234 Medium 6.5 browserify-sign-4.2.1.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-46234

Vulnerable Library - browserify-sign-4.2.1.tgz

adds node crypto signing for browsers

Library home page: https://registry.npmjs.org/browserify-sign/-/browserify-sign-4.2.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • crypto-browserify-3.12.0.tgz (Root Library)
    • browserify-sign-4.2.1.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

Publish Date: 2023-10-26

URL: CVE-2023-46234

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-x9w5-v3q2-3rhw

Release Date: 2023-10-26

Fix Resolution: browserify-sign - 4.2.2

need help installing

hey guys, former c1 associate here. two questions:

  1. is this the code base for slurp?
  2. having the below error when running npm install
    npm ERR! code 1
    npm ERR! path /Users/lyan/workspace/acronym-decoder/node_modules/node-sass
    npm ERR! command failed
    npm ERR! command sh -c node scripts/build.js
    npm ERR! Building: /usr/local/Cellar/node/17.2.0/bin/node /Users/lyan/workspace/acronym-decoder/node_modules/node-gyp/bin/node-gyp.js rebuild --verbose --libsass_ext= --libsass_cflags= --libsass_ldflags= --libsass_library=
    npm ERR! gyp info it worked if it ends with ok
    npm ERR! gyp verb cli [
    npm ERR! gyp verb cli '/usr/local/Cellar/node/17.2.0/bin/node',
    npm ERR! gyp verb cli '/Users/lyan/workspace/acronym-decoder/node_modules/node-gyp/bin/node-gyp.js',
    npm ERR! gyp verb cli 'rebuild',
    npm ERR! gyp verb cli '--verbose',
    npm ERR! gyp verb cli '--libsass_ext=',
    npm ERR! gyp verb cli '--libsass_cflags=',
    npm ERR! gyp verb cli '--libsass_ldflags=',
    npm ERR! gyp verb cli '--libsass_library='
    npm ERR! gyp verb cli ]

Codeowners file

Please add trusted reviewers to your code owners file and write team if necessary. Thanks!

Update the SPDX License Headers

Please update the License Headers so that the lines get broken in the right place as follows. Currently the line is breaking before LLC, which is incorrect.

SPDX-Copyright: Copyright (c) Capital One Services,LLC
SPDX-License-Identifier: Apache-2.0

node-sass-7.0.2.tgz: 2 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - node-sass-7.0.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Found in HEAD commit: 42b56e18cf2359a754885c013e12841d91dec9fb

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (node-sass version) Remediation Available
CVE-2022-3517 High 7.5 minimatch-3.0.4.tgz Transitive N/A*
CVE-2022-25883 Medium 5.3 semver-7.3.5.tgz Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-3517

Vulnerable Library - minimatch-3.0.4.tgz

a glob matcher in javascript

Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

  • node-sass-7.0.2.tgz (Root Library)
    • glob-7.2.0.tgz
      • minimatch-3.0.4.tgz (Vulnerable Library)

Found in HEAD commit: 42b56e18cf2359a754885c013e12841d91dec9fb

Found in base branch: master

Vulnerability Details

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Publish Date: 2022-10-17

URL: CVE-2022-3517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-17

Fix Resolution: minimatch - 3.0.5

CVE-2022-25883

Vulnerable Library - semver-7.3.5.tgz

The semantic version parser used by npm.

Library home page: https://registry.npmjs.org/semver/-/semver-7.3.5.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/semver/package.json

Dependency Hierarchy:

  • node-sass-7.0.2.tgz (Root Library)
    • node-gyp-9.4.0.tgz
      • semver-7.3.5.tgz (Vulnerable Library)

Found in HEAD commit: 42b56e18cf2359a754885c013e12841d91dec9fb

Found in base branch: master

Vulnerability Details

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

Publish Date: 2023-06-21

URL: CVE-2022-25883

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2023-06-21

Fix Resolution: semver - 7.5.2

node-sass-9.0.0.tgz: 9 vulnerabilities (highest severity is: 8.8) - autoclosed

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (node-sass version) Remediation Available
CVE-2018-19827 High 8.8 node-sass-9.0.0.tgz Direct N/A
CVE-2018-11694 High 8.8 node-sass-9.0.0.tgz Direct N/A
CVE-2018-11698 High 8.1 node-sass-9.0.0.tgz Direct node-sass - 4.14.0
CVE-2019-6286 Medium 6.5 node-sass-9.0.0.tgz Direct N/A
CVE-2018-20190 Medium 6.5 node-sass-9.0.0.tgz Direct N/A
CVE-2018-20821 Medium 6.5 node-sass-9.0.0.tgz Direct Replace or update the following files: util_string.cpp, util_string.hpp, parser.hpp, parser.cpp
CVE-2018-19839 Medium 6.5 node-sass-9.0.0.tgz Direct Replace or update the following files: checked.h, core.h
CVE-2019-6283 Medium 6.5 node-sass-9.0.0.tgz Direct N/A
CVE-2018-19797 Medium 6.5 node-sass-9.0.0.tgz Direct N/A

Details

CVE-2018-19827

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2018-11694

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2018-11698

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-r5m8-frrg-389w

Release Date: 2018-06-04

Fix Resolution: node-sass - 4.14.0

⛑️ Automatic Remediation is available for this issue

CVE-2019-6286

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2018-20190

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2018-20821

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Release Date: 2019-04-15

Fix Resolution: Replace or update the following files: util_string.cpp, util_string.hpp, parser.hpp, parser.cpp

CVE-2018-19839

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Change files

Release Date: 2018-11-28

Fix Resolution: Replace or update the following files: checked.h, core.h

CVE-2019-6283

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

CVE-2018-19797

Vulnerable Library - node-sass-9.0.0.tgz

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-9.0.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-9.0.0.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.


⛑️ Automatic Remediation is available for this issue.

Add acronym and distributing

Nice tool! What do you guys think about giving users the ability to add an acronym and definition? Also, when used within an organization, what's the best way to distribute it to a large audience? Should I be sending the "dist" folder to everyone and asking them to load it into their Chrome extensions?

License Policy Violation detected in path-is-inside-1.0.2.tgz (Multiple Licenses)

Library - path-is-inside-1.0.2.tgz

Tests whether one path is inside another path

Library home page: https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz

Path to dependency file: /package.json

Path to library: /node_modules/path-is-inside/package.json

Dependency Hierarchy:

  • protractor-7.0.0.tgz (Root Library)
    • webdriver-manager-12.1.8.tgz
      • del-2.2.2.tgz
        • is-path-in-cwd-1.0.1.tgz
          • is-path-inside-1.0.1.tgz
            • path-is-inside-1.0.2.tgz (Library containing License Policy Violation)

Found in HEAD commit: abfaf096fa72d83433e8818d0904e98225ce913e

Found in base branch: master

📃 License Details

MIT
License Reference File: https://github.com/domenic/path-is-inside

WTFPL
License Reference File: https://github.com/domenic/path-is-inside

    ⛔ License Policy Violation - Banned License: Remove the use of library under a critical severity license that cannot be used at Capital One
