iamkishan98 / e-voting-using-blockchain Goto Github PK
View Code? Open in Web Editor NEWDecentralized online vorting application built with blockchain
Decentralized online vorting application built with blockchain
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.6.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.1.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/q-io/node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
Publish Date: 2014-10-19
URL: CVE-2014-7191
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-7191
Release Date: 2014-10-19
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (bower): 1.3.10
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt): 0.4.0
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt-contrib-watch): 1.0.0
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt-gh-pages): 3.1.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Publish Date: 2018-01-02
URL: CVE-2017-1000427
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000427
Release Date: 2018-01-02
Fix Resolution (marked): 0.3.7
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
Simplified HTTP request client.
Library home page: https://registry.npmjs.org/request/-/request-2.40.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/request/package.json
Dependency Hierarchy:
Simplified HTTP request client.
Library home page: https://registry.npmjs.org/request/-/request-2.67.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/phantomjs/node_modules/request/package.json,/evoting app/src/bower_components/select2/node_modules/phantomjs/node_modules/request/package.json
Dependency Hierarchy:
Simplified HTTP request client.
Library home page: https://registry.npmjs.org/request/-/request-2.27.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/request/package.json
Dependency Hierarchy:
Simplified HTTP request client.
Library home page: https://registry.npmjs.org/request/-/request-2.9.203.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/loggly/node_modules/request/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Request is an http client. If a request is made using multipart
, and the body type is a number
, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
Publish Date: 2018-06-04
URL: CVE-2017-16026
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-16026
Release Date: 2018-04-26
Fix Resolution (request): 2.68.0
Direct dependency fix Resolution (grunt-contrib-less): 1.0.0
Fix Resolution (request): 2.68.0
Direct dependency fix Resolution (grunt-mocha): 1.0.0
Fix Resolution (request): 2.68.0
Direct dependency fix Resolution (bower): 1.7.5
Fix Resolution (request): 2.68.0
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true
) to inject a javascript:
URL. This flaw exists because &#xNNanything;
gets parsed to what it could and leaves the rest behind, resulting in just anything;
being left.
Publish Date: 2018-05-31
URL: CVE-2016-10531
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10531
Release Date: 2018-04-26
Fix Resolution (marked): 0.3.6
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
A tool for rapidly building command line apps
Library home page: https://registry.npmjs.org/cli/-/cli-0.6.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/cli/package.json,/evoting app/src/bower_components/select2/node_modules/cli/package.json
Dependency Hierarchy:
A tool for rapidly building command line apps
Library home page: https://registry.npmjs.org/cli/-/cli-0.4.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/cli/package.json,/evoting app/src/bower_components/jquery-ui/node_modules/cli/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The package node-cli insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
Publish Date: 2016-08-16
URL: WS-2016-0036
Base Score Metrics:
Type: Upgrade version
Release Date: 2016-08-16
Fix Resolution (cli): 1.0.0
Direct dependency fix Resolution (grunt-contrib-jshint): 0.12.0
Fix Resolution (cli): 1.0.0
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.
Publish Date: 2015-01-27
URL: CVE-2015-1370
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-1370
Release Date: 2015-01-27
Fix Resolution (marked): 0.3.0
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.3.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/matchkeys/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.2.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.2.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/handlebars-helpers/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: /evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.7.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/jshint/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-datepicker/package.json
Path to vulnerable library: /evoting app/src/node_modules/grunt-jscs/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-0.9.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Mend Note: Converted from WS-2019-0184, on 2022-11-08.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1067
Release Date: 2018-06-07
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (bower): 1.7.5
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (grunt-contrib-watch): 1.0.1
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (grunt-mocha): 1.2.0
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (grunt-contrib-jshint): 0.12.0
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (grunt): 1.0.3
Step up your Open Source Security Game with Mend here
Reference implementation of Joyent's HTTP Signature scheme.
Library home page: https://registry.npmjs.org/http-signature/-/http-signature-0.10.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/http-signature/package.json,/evoting app/src/bower_components/morris.js/node_modules/http-signature/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
http-signature before version 1.0.0 are vulnerable to timing attack, which may lead to information disclosure.
Publish Date: 2015-01-22
URL: WS-2017-0266
Base Score Metrics:
Type: Upgrade version
Release Date: 2015-01-22
Fix Resolution (http-signature): 1.0.0
Direct dependency fix Resolution (grunt-contrib-less): 1.0.0
Step up your Open Source Security Game with Mend here
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.0.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/grunt-jscs/node_modules/js-yaml/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/js-yaml/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.5.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-2.1.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/handlebars-helpers/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap/node_modules/cosmiconfig/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-2.0.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.6.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/svgo/node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-05
URL: WS-2019-0063
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-05
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (grunt): 1.0.4
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (stylelint): 9.7.0
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (grunt): 1.0.4
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (grunt-image): 4.1.0
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/samples/line-customTooltips.html
Path to vulnerable library: /evoting app/src/bower_components/chart.js/samples/line-customTooltips.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/examples/area-as-line.html
Path to vulnerable library: /evoting app/src/bower_components/morris.js/examples/area-as-line.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-daterangepicker/demo.html
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-daterangepicker/demo.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/ckeditor/samples/old/jquery.html
Path to vulnerable library: /evoting app/src/bower_components/ckeditor/samples/old/jquery.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/jquery/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Versions 0.3.17 and earlier of marked has Four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential REDOS attack.
Publish Date: 2018-02-26
URL: WS-2019-0027
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-02-26
Fix Resolution (marked): 0.3.18
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-3.2.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap/node_modules/tiny-lr/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap/node_modules/tiny-lr/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap/node_modules/tiny-lr/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-4.1.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap/node_modules/@babel/traverse/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap/node_modules/@babel/traverse/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap/node_modules/@babel/traverse/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap/node_modules/@babel/traverse/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-0.8.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/npm-registry/node_modules/debug/package.json,/evoting app/src/bower_components/select2/node_modules/npm-registry/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-0.7.4.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/tiny-lr-fork/node_modules/debug/package.json,/evoting app/src/bower_components/select2/node_modules/tiny-lr-fork/node_modules/debug/package.json,/evoting app/src/bower_components/select2/node_modules/tiny-lr-fork/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.6.8.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/bootlint/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.6.7.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/send/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.0.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/mocha/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/debug/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/debug/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
Publish Date: 2018-06-07
URL: CVE-2017-16137
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-gxpj-cx7g-858c
Release Date: 2018-04-26
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (lite-server): 2.5.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (grunt): 0.4.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (gulp-connect): 2.1.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (grunt-contrib-watch): 0.6.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (grunt-bootlint): 0.10.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (grunt-bootlint): 0.10.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (grunt-mocha): 1.0.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (grunt-contrib-connect): 0.10.0
Step up your Open Source Security Game with Mend here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-3.0.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
Publish Date: 2019-01-30
URL: WS-2019-0064
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/755/
Release Date: 2019-01-30
Fix Resolution (handlebars): 3.0.7
Direct dependency fix Resolution (grunt-assemble): 0.5.0
Step up your Open Source Security Game with Mend here
HTTP response freshness testing
Library home page: https://registry.npmjs.org/fresh/-/fresh-0.5.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/fresh/package.json
Dependency Hierarchy:
HTTP response freshness testing
Library home page: https://registry.npmjs.org/fresh/-/fresh-0.3.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/chart.js/node_modules/fresh/package.json,/evoting app/src/bower_components/chart.js/node_modules/fresh/package.json
Dependency Hierarchy:
HTTP response freshness testing
Library home page: https://registry.npmjs.org/fresh/-/fresh-0.1.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/fresh/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.
Publish Date: 2018-06-07
URL: CVE-2017-16119
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/526
Release Date: 2018-04-26
Fix Resolution (fresh): 0.5.2
Direct dependency fix Resolution (grunt-bootlint): 0.10.0
Fix Resolution (fresh): 0.5.2
Direct dependency fix Resolution (grunt-contrib-connect): 0.11.0
Fix Resolution (fresh): 0.5.2
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
A JavaScript TimeSpan library for node.js (and soon the browser)
Library home page: https://registry.npmjs.org/timespan/-/timespan-2.3.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/timespan/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
Publish Date: 2018-06-07
URL: CVE-2017-16115
Base Score Metrics:
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Versions 0.3.7 and earlier of marked suuport unescaping of only lowercase, which may lead to XSS.
Publish Date: 2017-12-23
URL: WS-2019-0026
Base Score Metrics:
Type: Upgrade version
Release Date: 2017-12-23
Fix Resolution (marked): 0.3.9
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Versions 0.3.7 and earlier of marked When mangling is disabled via option mangle don't escape target href are vulnerable to XSS, which allows an attacker to inject arbitrary code.
Publish Date: 2017-12-23
URL: WS-2019-0025
Base Score Metrics:
Type: Upgrade version
Release Date: 2017-12-23
Fix Resolution (marked): 0.3.9
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.6.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.1.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/q-io/node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Denial-of-Service Extended Event Loop Blocking.The qs module does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time
Publish Date: 2014-07-31
URL: WS-2014-0005
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2014-0005
Release Date: 2014-07-31
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (bower): 1.3.10
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt): 0.4.0
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt-contrib-watch): 1.0.0
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt-gh-pages): 3.1.0
Step up your Open Source Security Game with Mend here
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/uglify-js/package.json,/evoting app/src/bower_components/morris.js/node_modules/uglify-js/package.json
Dependency Hierarchy:
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.4.24.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/grunt-contrib-uglify/node_modules/uglify-js/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt-contrib-uglify/node_modules/uglify-js/package.json
Dependency Hierarchy:
JavaScript parser and compressor/beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-1.3.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/uglify-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
Publish Date: 2017-01-23
URL: CVE-2015-8858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2017-01-23
Fix Resolution (uglify-js): 2.6.0
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Fix Resolution (uglify-js): 2.6.0
Direct dependency fix Resolution (grunt-contrib-uglify): 0.4.0
Fix Resolution (uglify-js): 2.6.0
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
Publish to GitHub Pages with Grunt.
Library home page: http://registry.npmjs.org/grunt-gh-pages/-/grunt-gh-pages-0.9.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /E-voting-using-blockchain/evoting app/src/bower_components/select2/node_modules/grunt-gh-pages/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Authentication credentails logged in clear text.In module versions before 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
Publish Date: 2016-03-16
URL: WS-2016-0012
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/85
Release Date: 2017-01-31
Fix Resolution: 0.9.1
Step up your Open Source Security Game with WhiteSource here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The affected versions (through 0.3.5) in marked package are vulnerable to Cross-Site Scripting (XSS) Due To Sanitization Bypass Using HTML Entities
Publish Date: 2018-03-23
URL: WS-2018-0031
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-03-23
Fix Resolution (marked): 0.3.6
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
High performance middleware framework
Library home page: https://registry.npmjs.org/connect/-/connect-2.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/connect/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The "methodOverride" let the http post to override the method of the request with the value of the post key or with the header, which allows XSS attack.
Publish Date: 2013-06-27
URL: WS-2013-0004
Base Score Metrics:
Type: Upgrade version
Release Date: 2013-06-27
Fix Resolution (connect): 2.8.1
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
High performance middleware framework
Library home page: https://registry.npmjs.org/connect/-/connect-2.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/connect/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)
Publish Date: 2019-12-11
URL: CVE-2013-7371
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7371
Release Date: 2019-12-11
Fix Resolution (connect): 2.8.1
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Marked 0.3.6 and earlier is vulnerable to XSS attacks via Data URIs.
Publish Date: 2017-01-30
URL: WS-2017-0108
Type: Change files
Origin: markedjs/marked@cd2f6f5
Release Date: 2017-01-19
Fix Resolution: Replace or update the following files: links.sanitize.html, marked.js, links.sanitize.text
Step up your Open Source Security Game with WhiteSource here
High performance middleware framework
Library home page: https://registry.npmjs.org/connect/-/connect-2.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/connect/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
Publish Date: 2018-06-07
URL: CVE-2018-3717
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3717
Release Date: 2018-06-07
Fix Resolution (connect): 2.14.0
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
Generate randomized strings of a specified length, fast. Only the length is necessary, but you can optionally generate patterns using any combination of numeric, alpha-numeric, alphabetical, special or custom characters.
Library home page: https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/randomatic/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
Publish Date: 2018-06-04
URL: CVE-2017-16028
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/157/versions
Release Date: 2018-04-26
Fix Resolution (randomatic): 3.0.0
Direct dependency fix Resolution (grunt-image): 2.0.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Marked comes with an option to sanitize user output to help protect against content injection attacks (i.e. sanitize: true). Even if this option is set, marked before version 0.3.1 is vulnerable to content injection in multiple locations if untrusted user input is allowed to be provided into marked and that output is passed to the browser. Injection is possible in two locations: gfm codeblocks (language) and javascript url's
Publish Date: 2014-02-02
URL: CVE-2014-1850
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/22
Release Date: 2014-01-31
Fix Resolution: Upgrade to version 0.3.1 or later
Step up your Open Source Security Game with WhiteSource here
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-1.0.8.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/diff/package.json
Dependency Hierarchy:
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-1.4.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/tap-mocha-reporter/node_modules/diff/package.json,/evoting app/src/bower_components/select2/node_modules/tap-mocha-reporter/node_modules/diff/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Publish Date: 2018-03-05
URL: WS-2018-0590
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-03-05
Fix Resolution (diff): 3.5.0
Direct dependency fix Resolution (grunt-mocha): 1.0.3
Fix Resolution (diff): 3.5.0
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
atob for Node.JS and Linux / Mac / Windows CLI (it's a one-liner)
Library home page: https://registry.npmjs.org/atob/-/atob-1.1.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/atob/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.
Publish Date: 2018-05-29
URL: CVE-2018-3745
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/321686
Release Date: 2018-05-29
Fix Resolution: atob - 2.1.0
Step up your Open Source Security Game with Mend here
Publish to GitHub Pages with Grunt.
Library home page: https://registry.npmjs.org/grunt-gh-pages/-/grunt-gh-pages-0.9.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/grunt-gh-pages/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
Publish Date: 2018-05-31
URL: CVE-2016-10526
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-10526
Release Date: 2018-05-31
Fix Resolution: 0.10.0
Step up your Open Source Security Game with Mend here
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.3.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/matchkeys/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.2.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.2.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/handlebars-helpers/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/globule/node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: /evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.7.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/jshint/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.6.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-datepicker/package.json
Path to vulnerable library: /evoting app/src/node_modules/grunt-jscs/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/lodash/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-0.9.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json,/evoting app/src/bower_components/morris.js/node_modules/grunt/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/380873
Release Date: 2019-02-01
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (bower): 1.7.5
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (grunt-contrib-watch): 1.0.1
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (grunt-mocha): 1.2.0
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (grunt-contrib-jshint): 0.12.0
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (grunt): 1.0.3
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."
Publish Date: 2017-01-23
URL: CVE-2015-8854
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8854
Release Date: 2017-01-23
Fix Resolution (marked): 0.3.4
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
High performance middleware framework
Library home page: https://registry.npmjs.org/connect/-/connect-2.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/connect/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
senchalabs/connect prior to 2.8.1 is vulnerable to xss attack
Publish Date: 2013-06-27
URL: WS-2013-0003
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2013-0003
Release Date: 2013-06-27
Fix Resolution (connect): 2.8.1
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.0/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-knob/index.html
Path to vulnerable library: /evoting app/src/bower_components/jquery-knob/index.html,/evoting app/src/bower_components/jquery-slimscroll/examples/scrollbar.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/samples/line-customTooltips.html
Path to vulnerable library: /evoting app/src/bower_components/chart.js/samples/line-customTooltips.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.0.3/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/examples/area-as-line.html
Path to vulnerable library: /evoting app/src/bower_components/morris.js/examples/area-as-line.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-daterangepicker/demo.html
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-daterangepicker/demo.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.0/jquery.min.js
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/ckeditor/samples/old/jquery.html
Path to vulnerable library: /evoting app/src/bower_components/ckeditor/samples/old/jquery.html
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - 3.0.0
Step up your Open Source Security Game with Mend here
HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.
Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/phantomjs/node_modules/tunnel-agent/package.json,/evoting app/src/bower_components/morris.js/node_modules/phantomjs/node_modules/tunnel-agent/package.json,/evoting app/src/bower_components/morris.js/node_modules/phantomjs/node_modules/tunnel-agent/package.json
Dependency Hierarchy:
HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.
Library home page: https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.3.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/tunnel-agent/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Versions of tunnel-agent before 0.6.0 are vulnerable to memory exposure. This is exploitable if user supplied input is provided to the auth value and is a number.
Publish Date: 2017-03-05
URL: WS-2018-0076
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/598
Release Date: 2017-03-05
Fix Resolution (tunnel-agent): 0.6.0
Direct dependency fix Resolution (grunt-mocha): 1.0.0
Fix Resolution (tunnel-agent): 0.6.0
Direct dependency fix Resolution (bower): 1.7.5
Step up your Open Source Security Game with Mend here
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/morris.js/node_modules/uglify-js/package.json,/tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/morris.js/node_modules/uglify-js/package.json
Dependency Hierarchy:
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.4.24.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/morris.js/node_modules/grunt-contrib-uglify/node_modules/uglify-js/package.json,/tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/morris.js/node_modules/grunt-contrib-uglify/node_modules/uglify-js/package.json
Dependency Hierarchy:
JavaScript parser and compressor/beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-1.3.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/node_modules/uglify-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Uglify-js is vulnerable to regular expression denial of service (ReDoS) when certain types of input is passed into .parse().
Publish Date: 2015-10-24
URL: WS-2015-0017
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/48
Release Date: 2015-10-24
Fix Resolution: Update to version 2.6.0 or later
Step up your Open Source Security Game with WhiteSource here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even when sanitize:true is set.
Publish Date: 2019-03-17
URL: WS-2015-0049
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/24/versions
Release Date: 2019-03-17
Fix Resolution: 03.3
Step up your Open Source Security Game with WhiteSource here
JavaScript parser, mangler/compressor and beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-2.3.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/uglify-js/package.json,/evoting app/src/bower_components/morris.js/node_modules/uglify-js/package.json
Dependency Hierarchy:
JavaScript parser and compressor/beautifier toolkit
Library home page: https://registry.npmjs.org/uglify-js/-/uglify-js-1.3.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/uglify-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.
Publish Date: 2017-01-23
URL: CVE-2015-8857
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2017-01-23
Fix Resolution (uglify-js): 2.4.24
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Fix Resolution (uglify-js): 2.4.24
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
Port of jQuery.extend for node.js and the browser
Library home page: https://registry.npmjs.org/extend/-/extend-3.0.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/extend/package.json
Dependency Hierarchy:
Port of jQuery.extend for Node.js
Library home page: https://registry.npmjs.org/extend/-/extend-1.2.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/chart.js/node_modules/extend/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16492
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/381185
Release Date: 2019-02-01
Fix Resolution (extend): 3.0.2
Direct dependency fix Resolution (less): 3.0.0
Fix Resolution (extend): 3.0.2
Direct dependency fix Resolution (gulp): 3.6.0
Step up your Open Source Security Game with Mend here
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.6.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.5.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json,/evoting app/src/bower_components/morris.js/node_modules/tiny-lr/node_modules/qs/package.json
Dependency Hierarchy:
querystring parser
Library home page: https://registry.npmjs.org/qs/-/qs-0.1.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/q-io/node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.
Publish Date: 2018-05-31
URL: CVE-2014-10064
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-10064
Release Date: 2018-04-26
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (bower): 1.3.10
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt): 0.4.0
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt-contrib-watch): 1.0.0
Fix Resolution (qs): 1.0.0
Direct dependency fix Resolution (grunt-gh-pages): 3.1.0
Step up your Open Source Security Game with Mend here
General purpose node utilities
Library home page: https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-datepicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-datepicker/node_modules/hoek/package.json,/evoting app/src/bower_components/bootstrap-datepicker/node_modules/hoek/package.json,/evoting app/src/bower_components/bootstrap-datepicker/node_modules/hoek/package.json,/evoting app/src/bower_components/bootstrap-datepicker/node_modules/hoek/package.json
Dependency Hierarchy:
General purpose node utilities
Library home page: https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/node_modules/hoek/package.json,/evoting app/src/node_modules/hoek/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-03-30
URL: CVE-2018-3728
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2018-03-30
Fix Resolution (hoek): 4.2.0
Direct dependency fix Resolution (grunt-mocha): 1.0.0
Fix Resolution (hoek): 4.2.0
Direct dependency fix Resolution (grunt-contrib-less): 1.0.1
Step up your Open Source Security Game with Mend here
Tiny milisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: E-voting-using-blockchain/evoting app/src/bower_components/chart.js/node_modules/serve-favicon/node_modules/ms/package.json,E-voting-using-blockchain/evoting app/src/bower_components/chart.js/node_modules/serve-favicon/node_modules/ms/package.json
Dependency Hierarchy:
Tiny ms conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.6.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: E-voting-using-blockchain/evoting app/src/bower_components/morris.js/node_modules/ms/package.json
Dependency Hierarchy:
Tiny ms conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/chart.js/package.json
Path to vulnerable library: E-voting-using-blockchain/evoting app/src/bower_components/select2/node_modules/ms/package.json,E-voting-using-blockchain/evoting app/src/bower_components/select2/node_modules/ms/package.json,E-voting-using-blockchain/evoting app/src/bower_components/select2/node_modules/ms/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-04-12
URL: WS-2017-0247
Base Score Metrics:
Type: Upgrade version
Origin: vercel/ms#89
Release Date: 2017-04-12
Fix Resolution: 2.1.1
Step up your Open Source Security Game with WhiteSource here
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-2.0.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/node_modules/bootlint/node_modules/minimatch/package.json,/evoting app/src/node_modules/bootlint/node_modules/minimatch/package.json,/evoting app/src/node_modules/bootlint/node_modules/minimatch/package.json
Dependency Hierarchy:
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-0.3.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/cli/node_modules/minimatch/package.json,/evoting app/src/bower_components/select2/node_modules/cli/node_modules/minimatch/package.json,/evoting app/src/bower_components/select2/node_modules/cli/node_modules/minimatch/package.json,/evoting app/src/bower_components/select2/node_modules/cli/node_modules/minimatch/package.json,/evoting app/src/bower_components/select2/node_modules/cli/node_modules/minimatch/package.json
Dependency Hierarchy:
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-0.2.14.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/chart.js/node_modules/globule/node_modules/minimatch/package.json,/evoting app/src/bower_components/chart.js/node_modules/globule/node_modules/minimatch/package.json,/evoting app/src/bower_components/chart.js/node_modules/globule/node_modules/minimatch/package.json,/evoting app/src/bower_components/chart.js/node_modules/globule/node_modules/minimatch/package.json,/evoting app/src/bower_components/chart.js/node_modules/globule/node_modules/minimatch/package.json,/evoting app/src/bower_components/chart.js/node_modules/globule/node_modules/minimatch/package.json
Dependency Hierarchy:
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-1.0.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/jshint/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp
objects. The primary function, minimatch(path, pattern)
in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern
parameter.
Publish Date: 2018-04-26
URL: CVE-2016-10540
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-10540
Release Date: 2018-04-26
Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (gulp): 4.0.0
Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (gulp): 4.0.0
Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (grunt-contrib-watch): 1.0.0
Fix Resolution (minimatch): 3.0.2
Direct dependency fix Resolution (grunt-contrib-jshint): 0.11.1
Step up your Open Source Security Game with Mend here
High performance middleware framework
Library home page: https://registry.npmjs.org/connect/-/connect-2.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/connect/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
Publish Date: 2019-12-11
URL: CVE-2013-7370
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7370
Release Date: 2019-12-11
Fix Resolution (connect): 2.8.1
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
Encode and decode streams into string streams
Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/stringstream/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Publish Date: 2018-05-16
URL: WS-2018-0103
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/664
Release Date: 2018-01-27
Fix Resolution (stringstream): 0.0.6
Direct dependency fix Resolution (less): 3.0.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
Publish Date: 2018-06-07
URL: CVE-2017-16114
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/531/versions
Release Date: 2018-04-26
Fix Resolution (marked): 0.3.9
Direct dependency fix Resolution (grunt-assemble): 0.6.0
Step up your Open Source Security Game with Mend here
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-1.3.0.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/handlebars-helpers/node_modules/handlebars/package.json
Dependency Hierarchy:
Extension of the Mustache logicless template language
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-1.0.12.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /tmp/git/E-voting-using-blockchain/evoting app/src/bower_components/morris.js/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Quoteless Attributes in Templates can lead to Content Injection
Publish Date: 2015-12-14
URL: WS-2015-0003
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/61
Release Date: 2015-12-14
Fix Resolution: If you are unable to upgrade to version 4.0.0 or greater you can add quotes to your attributes in your handlebar templates.
Step up your Open Source Security Game with WhiteSource here
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.0.2.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/fs-utils/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.4.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/grunt-jscs/node_modules/js-yaml/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/js-yaml/package.json,/evoting app/src/node_modules/grunt-jscs/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.5.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-2.1.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/handlebars-helpers/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.12.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap/node_modules/cosmiconfig/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-2.0.5.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/morris.js/package.json
Path to vulnerable library: /evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json,/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.6.1.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/package.json
Path to vulnerable library: /evoting app/src/node_modules/svgo/node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Publish Date: 2019-03-20
URL: WS-2019-0032
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/788/versions
Release Date: 2019-03-20
Fix Resolution (js-yaml): 3.13.0
Direct dependency fix Resolution (grunt): 1.0.4
Fix Resolution (js-yaml): 3.13.0
Direct dependency fix Resolution (stylelint): 9.7.0
Fix Resolution (js-yaml): 3.13.0
Direct dependency fix Resolution (grunt): 1.0.4
Fix Resolution (js-yaml): 3.13.0
Direct dependency fix Resolution (grunt-image): 4.1.0
Step up your Open Source Security Game with Mend here
A tool for rapidly building command line apps
Library home page: https://registry.npmjs.org/cli/-/cli-0.6.6.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/select2/package.json
Path to vulnerable library: /evoting app/src/bower_components/select2/node_modules/cli/package.json,/evoting app/src/bower_components/select2/node_modules/cli/package.json
Dependency Hierarchy:
A tool for rapidly building command line apps
Library home page: https://registry.npmjs.org/cli/-/cli-0.4.3.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/jquery-ui/package.json
Path to vulnerable library: /evoting app/src/bower_components/jquery-ui/node_modules/cli/package.json,/evoting app/src/bower_components/jquery-ui/node_modules/cli/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Found in base branch: master
The package node-cli
before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
Publish Date: 2018-05-31
URL: CVE-2016-10538
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-10538
Release Date: 2018-05-31
Fix Resolution (cli): 1.0.0
Direct dependency fix Resolution (grunt-contrib-jshint): 0.12.0
Fix Resolution (cli): 1.0.0
Direct dependency fix Resolution (grunt): 0.4.0
Step up your Open Source Security Game with Mend here
A markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.2.10.tgz
Path to dependency file: /E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/package.json
Path to vulnerable library: E-voting-using-blockchain/evoting app/src/bower_components/bootstrap-colorpicker/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c02898f89d78283ce791eb1b53b2b5a667681ad
Marked is an application that is meant to parse and compile markdown. Due to the way that marked parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (sanitize: true) to inject a javascript: URL.
Publish Date: 2015-05-20
URL: WS-2015-0020
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2015-0020
Release Date: 2015-05-20
Fix Resolution: MIDIator.WebClient - 1.0.105;AvailableLight - 1.0.8;z4a-dotnet-scaffold - 1.0.0.3;Raml.Parser - 1.0.7;marked - 0.3.6
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.