halospv3 / hce.drp
Discord Rich Presence module for Halo: Combat Evolved
License: GNU General Public License v3.0
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 366cf45a4d210356c14c0ee396cbb81f2ea20133
Found in base branch: main
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Publish Date: 2022-01-14
URL: CVE-2022-21680
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-rrrm-qjm4-v8hf
Release Date: 2022-01-14
Fix Resolution: marked - 4.0.10
Step up your Open Source Security Game with WhiteSource here
Ideally, we'll re-use our existing GitVersion configuration for version bumps controlled entirely by commit messages.
Progress is tracked in https://github.com/HaloSPV3/HCE.DRP/tree/feat/gitVersion
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: HCE.DRP/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
HCE.DRP to SPV3.DRP
SPV3.DRP as a dotnet project for easier version automation; programmatically setting assembly info in C++ is a terrible and alien experience.
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: HCE.DRP/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
Constantly updating the module to add new strings would be annoying if it's done frequently.
Being data-driven means fewer updates for values that would otherwise need to be hard coded.
However, this opens up the potential for external abuse e.g. inappropriate text or images being sent to a player's Discord status.
With the previous statement in mind, it may be preferable to maintain a map registry separate from this project. See HaloSPV3/HCE#262
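One way to keep the map list data-driven without trusting it blindly, as an added example (not HCE.DRP's or SPV3's own code): the registry is parsed from a simple text format, every entry is validated before it is accepted, and the map key read from the game is only ever used as a lookup into that registry, so nothing arbitrary can reach a player's Discord status. The "key|Display Name|image_key" line format, the function names, the length limits and the sample registry text are all assumptions made for this illustration.

```cpp
#include <cctype>
#include <map>
#include <sstream>
#include <string>

struct PresenceText {
    std::string details;    // map name shown in the Discord status
    std::string image_key;  // Discord asset key; should match an uploaded asset
};

// Keys and asset names: short, [A-Za-z0-9_-] only.
bool is_valid_key(const std::string& s) {
    if (s.empty() || s.size() > 32) return false;
    for (unsigned char c : s)
        if (!std::isalnum(c) && c != '_' && c != '-') return false;
    return true;
}

// Display text: bounded length, printable ASCII only (no control characters,
// no newlines), so a registry file cannot smuggle arbitrary bytes into the status.
bool is_valid_display_text(const std::string& s) {
    if (s.empty() || s.size() > 64) return false;
    for (unsigned char c : s)
        if (c < 0x20 || c > 0x7e) return false;
    return true;
}

// Parse "key|Display Name|image_key" lines (assumed format); '#' starts a
// comment. Entries that fail validation are dropped rather than trusted.
std::map<std::string, PresenceText> parse_registry(const std::string& text) {
    std::map<std::string, PresenceText> registry;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        if (line.empty() || line[0] == '#') continue;
        auto p1 = line.find('|');
        auto p2 = (p1 == std::string::npos) ? p1 : line.find('|', p1 + 1);
        if (p2 == std::string::npos) continue;
        std::string key = line.substr(0, p1);
        std::string name = line.substr(p1 + 1, p2 - p1 - 1);
        std::string image = line.substr(p2 + 1);
        if (!is_valid_key(key) || !is_valid_display_text(name) || !is_valid_key(image)) continue;
        registry.emplace(key, PresenceText{name, image});
    }
    return registry;
}

// The map key read from game memory is untrusted input: only registry hits
// reach Discord; anything else gets a neutral fallback instead of the raw string.
PresenceText presence_for_map(const std::map<std::string, PresenceText>& registry,
                              const std::string& map_key) {
    static const PresenceText fallback{"Playing Halo: Combat Evolved", "default"};
    if (!is_valid_key(map_key)) return fallback;
    auto it = registry.find(map_key);
    return it == registry.end() ? fallback : it->second;
}

// Constructed sample registry text (not the project's real map list).
const char* const SAMPLE_REGISTRY =
    "# key|display name|image key\n"
    "a10|The Pillar of Autumn|a10\n"
    "a30|Halo|a30\n"
    "bad1|Has\ttab|a30\n"               // rejected: control character in name
    "bad2|Fine name|../../etc/passwd\n" // rejected: image key characters
    "b30|The Silent Cartographer|b30\n";
```

With this shape, moving the registry out of the module (as HaloSPV3/HCE#262 discusses) changes where the text comes from but not what can reach Discord: a malicious or corrupted registry can at worst supply entries that fail validation and are ignored, and an unknown map key degrades to the generic fallback.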
Why have two arrays of values that differ by character cases?
#include <string>

// The snippet is wrapped in a function here so it compiles stand-alone; in the
// module, `difficulty` comes from surrounding code that is not shown.
void build_difficulty_strings(int difficulty) {
    const char *DIFFICULTIES[] = {
        "Noble",
        "Normal",
        "Heroic",
        "Legendary"
    };
    const char *Difficulties[] = {
        "noble",
        "normal",
        "heroic",
        "legendary"
    };
    std::string difficulty_str;
    std::string real_difficulty;
    // If `difficulty` is signed, a negative value passes `< 4` and indexes
    // before the start of both arrays.
    if (difficulty < 4) {
        real_difficulty = Difficulties[difficulty];
        difficulty_str = DIFFICULTIES[difficulty];
        difficulty_str += " Difficulty";
    }
}
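The duplication can be removed by keeping one canonical table and deriving the lowercase form, which also makes it impossible for the two lists to drift apart. The following is an added example written for this page, not the module's code: the table contents are kept from the snippet above, while the function and struct names, the unsigned index parameter and the "Unknown Difficulty" fallback are assumptions. The unsigned parameter is deliberate: a negative value read from game memory converts to a large unsigned number and is rejected by the size check, instead of passing `< 4` and reading before the array.

```cpp
#include <algorithm>
#include <array>
#include <cctype>
#include <string>

// One canonical table; the lowercase key is derived rather than duplicated.
constexpr std::array<const char*, 4> DIFFICULTIES{"Noble", "Normal", "Heroic", "Legendary"};

// ASCII lowercase; the table only ever contains ASCII names.
std::string to_lower_ascii(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

struct DifficultyText {
    std::string display;  // e.g. "Heroic Difficulty"
    std::string key;      // e.g. "heroic" (lookup / asset key)
    bool known;           // false when the index was out of range
};

// Unsigned index: a negative int passed here becomes a large value and fails
// the size check, so it can never index before the start of the array.
// Out-of-range values yield a clearly marked result instead of undefined behaviour.
DifficultyText difficulty_text(unsigned difficulty) {
    if (difficulty >= DIFFICULTIES.size())
        return {"Unknown Difficulty", "unknown", false};
    std::string name = DIFFICULTIES[difficulty];
    return {name + " Difficulty", to_lower_ascii(name), true};
}
```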
Regular expression for matching semver versions
Library home page: https://registry.npmjs.org/semver-regex/-/semver-regex-3.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/semver-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
Publish Date: 2022-06-02
URL: CVE-2021-43307
Base Score Metrics:
Type: Upgrade version
Origin: https://research.jfrog.com/vulnerabilities/semver-regex-redos-xray-211349/
Release Date: 2021-11-03
Fix Resolution: semver-regex - 3.1.4,4.0.3
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: HCE.DRP/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q4m3-2j7h-f7xw
Release Date: 2020-05-28
Fix Resolution: jquery - 1.9.0
a package manager for JavaScript
Library home page: https://registry.npmjs.org/npm/-/npm-8.3.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/package.json
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
npm pack ignores root-level .gitignore & .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. --workspaces, --workspace=). Anyone who has run npm pack or npm publish with workspaces, as of v7.9.0 & v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the patched version of npm (v8.11.0 or greater).
Publish Date: 2022-04-14
URL: CVE-2022-29244
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hj9c-8jmm-8c52
Release Date: 2022-04-14
Fix Resolution: npm - 8.11.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: HCE.DRP/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
$VsReqs = "Microsoft.Component.VC.Runtime.UCRTSDK","Microsoft.VisualStudio.Workload.NativeDesktop","Microsoft.VisualStudio.Component.WinXP";
(
Get-VSSetupInstance -All -Prerelease | Select-VSSetupInstance -Latest -Require ($VsReqs)
).InstallationPath
# Need to learn names of...
# ...[component] deprecated v141 toolset for Win7.1 SDK
# ...[component] Windows 10 SDK (10.0.19041.0)
# ...[workload] Desktop development with C++
Docs
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
.github/workflows/ci.yml
actions/checkout v4
.github/workflows/codeql-analysis.yml
actions/checkout v4
github/codeql-action v3
github/codeql-action v3
github/codeql-action v3
.github/workflows/conv-pull-requests.yml
Namchee/conventional-pr v0.15.4
.github/workflows/release.yml
actions/checkout v4
actions/setup-node v4
actions/upload-artifact v4
package.json
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/node_modules/string-width/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-2.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 366cf45a4d210356c14c0ee396cbb81f2ea20133
Found in base branch: main
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression inline.reflinkSearch may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.
Publish Date: 2022-01-14
URL: CVE-2022-21681
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5v2h-r2cx-5xgj
Release Date: 2022-01-14
Fix Resolution: marked - 4.0.10
The Linker is failing a few operations involving discord-rpc.lib.
These issues are due to the precompiled library having been compiled with incompatible arguments and parameters.

| | discord-rpc | ours |
|---|---|---|
| _ITERATOR_DEBUG_LEVEL | 0 | 2 |
| RuntimeLibrary | MT_StaticRelease | MDd_DynamicDebug |
Build started...
1>------ Build started: Project: DRP, Configuration: Debug Win32 ------
1>Build started 12/14/2021 5:56:41 PM.
1>Target Link:
1> discord-rpc.lib(discord_rpc.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1> discord-rpc.lib(discord_rpc.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1> discord-rpc.lib(discord_register_win.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1> discord-rpc.lib(discord_register_win.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1> discord-rpc.lib(serialization.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1> discord-rpc.lib(serialization.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1> discord-rpc.lib(rpc_connection.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1> discord-rpc.lib(rpc_connection.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1> LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
1> ..\bin\Debug\HCE.DRP.dll : fatal error LNK1319: 8 mismatches detected
1>Done building target "Link" in project "DRP.vcxproj" -- FAILED.
1>
1>Done building project "DRP.vcxproj" -- FAILED.
1>
1>Build FAILED.
1>
1>LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
1>discord-rpc.lib(discord_rpc.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1>discord-rpc.lib(discord_rpc.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1>discord-rpc.lib(discord_register_win.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1>discord-rpc.lib(discord_register_win.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1>discord-rpc.lib(serialization.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1>discord-rpc.lib(serialization.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1>discord-rpc.lib(rpc_connection.obj) : error LNK2038: mismatch detected for '_ITERATOR_DEBUG_LEVEL': value '0' doesn't match value '2' in main.obj
1>discord-rpc.lib(rpc_connection.obj) : error LNK2038: mismatch detected for 'RuntimeLibrary': value 'MT_StaticRelease' doesn't match value 'MDd_DynamicDebug' in main.obj
1>..\bin\Debug\HCE.DRP.dll : fatal error LNK1319: 8 mismatches detected
1> 1 Warning(s)
1> 9 Error(s)
1>
1>Time Elapsed 00:00:01.41
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========
> Build started at 5:56 PM and took 2.334 seconds
No known workarounds.
Perhaps there are Linker options for allowing mixed link types.
A. Only build Release builds.
B. Acquire the source code of Discord RPC and compile for Multi-threaded Debug DLLs.
C. Acquire a debug build of the Discord RPC library.
JSON Schema validation and specifications
Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/node_modules/json-schema/package.json
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Publish Date: 2021-11-13
URL: CVE-2021-3918
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918
Release Date: 2021-11-13
Fix Resolution: json-schema - 0.4.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: HCE.DRP/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: /node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
a package manager for JavaScript
Library home page: https://registry.npmjs.org/npm/-/npm-7.24.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/package.json
Dependency Hierarchy:
Found in HEAD commit: 1a03d653386d12fd317a5da703c2bf5cd63e1f13
Found in base branch: main
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.
Publish Date: 2021-11-13
URL: CVE-2021-43616
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43616
Release Date: 2021-11-13
Fix Resolution: npm - 8.1.4
A light-weight module that brings window.fetch to node.js
Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-fetch/package.json
Dependency Hierarchy:
Found in base branch: main
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Publish Date: 2022-01-16
URL: CVE-2022-0235
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-r683-j2x4-v87g
Release Date: 2022-01-16
Fix Resolution: node-fetch - 2.6.7,3.1.1