katerinaorg / ksa-multimodule
This project forked from xsocket/ksa
Hangzhou KSA (凯思爱) logistics management system
License: Apache License 2.0
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2017-5638 | High | 10.0 | struts2-core-2.3.31.jar | Direct | 2.3.32 | ✅ |
CVE-2017-12611 | High | 9.8 | struts2-core-2.3.31.jar | Direct | 2.3.34 | ✅ |
CVE-2021-31805 | High | 9.8 | struts2-core-2.3.31.jar | Direct | org.apache.struts:struts2-core:2.5.30 | ✅ |
CVE-2020-17530 | High | 9.8 | struts2-core-2.3.31.jar | Direct | 2.5.26 | ✅ |
CVE-2019-0230 | High | 9.8 | struts2-core-2.3.31.jar | Direct | 2.5.22 | ✅ |
CVE-2018-11776 | High | 8.1 | struts2-core-2.3.31.jar | Direct | 2.3.35 | ✅ |
CVE-2017-9787 | High | 7.5 | struts2-core-2.3.31.jar | Direct | 2.3.33 | ✅ |
CVE-2017-9804 | High | 7.5 | struts2-core-2.3.31.jar | Direct | 2.3.34 | ✅ |
CVE-2019-0233 | High | 7.5 | struts2-core-2.3.31.jar | Direct | 2.5.22 | ✅ |
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Publish Date: 2017-03-11
URL: CVE-2017-5638
Base Score Metrics:
Type: Upgrade version
Release Date: 2017-03-11
Fix Resolution: 2.3.32
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
Publish Date: 2017-09-20
URL: CVE-2017-12611
Base Score Metrics:
Type: Upgrade version
Origin: https://cwiki.apache.org/confluence/display/WW/S2-053
Release Date: 2017-09-20
Fix Resolution: 2.3.34
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
The fix issued for CVE-2020-17530 was incomplete. In Apache Struts 2.0.0 to 2.5.29, some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to Remote Code Execution and security degradation.
Publish Date: 2022-04-12
URL: CVE-2021-31805
Base Score Metrics:
Type: Upgrade version
Origin: https://cwiki.apache.org/confluence/display/WW/S2-062
Release Date: 2022-04-12
Fix Resolution: org.apache.struts:struts2-core:2.5.30
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
Publish Date: 2020-12-11
URL: CVE-2020-17530
Base Score Metrics:
Type: Upgrade version
Origin: https://cwiki.apache.org/confluence/display/WW/S2-061
Release Date: 2020-12-11
Fix Resolution: 2.5.26
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Publish Date: 2020-09-14
URL: CVE-2019-0230
Base Score Metrics:
Type: Upgrade version
Origin: https://cwiki.apache.org/confluence/display/ww/s2-059
Release Date: 2020-09-14
Fix Resolution: 2.5.22
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (set either by the user or by a plugin such as the Convention Plugin) and either of the following holds: results are used with no namespace while their upper package has no namespace or a wildcard namespace; or a url tag is used without value and action set while its upper package has no namespace or a wildcard namespace.
Publish Date: 2018-08-22
URL: CVE-2018-11776
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-11776
Release Date: 2018-08-22
Fix Resolution: 2.3.35
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.
Publish Date: 2017-07-13
URL: CVE-2017-9787
Base Score Metrics:
Type: Upgrade version
Release Date: 2017-07-13
Fix Resolution: 2.3.33
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Publish Date: 2017-09-20
URL: CVE-2017-9804
Base Score Metrics:
Type: Upgrade version
Release Date: 2017-09-20
Fix Resolution: 2.3.34
⛑️ Automatic Remediation is available for this issue
Apache Struts 2
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Publish Date: 2020-09-14
URL: CVE-2019-0233
Base Score Metrics:
Type: Upgrade version
Origin: https://cwiki.apache.org/confluence/display/ww/s2-060
Release Date: 2020-09-14
Fix Resolution: 2.5.22
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2017-3523 | High | 8.5 | mysql-connector-java-5.1.18.jar | Direct | 5.1.21 | ✅ |
CVE-2017-3586 | Medium | 6.4 | mysql-connector-java-5.1.18.jar | Direct | 5.1.21 | ✅ |
CVE-2019-2692 | Medium | 6.3 | mysql-connector-java-5.1.18.jar | Direct | 5.1.48 | ✅ |
CVE-2020-2934 | Medium | 5.0 | mysql-connector-java-5.1.18.jar | Direct | 5.1.49 | ✅ |
CVE-2020-2875 | Medium | 4.7 | mysql-connector-java-5.1.18.jar | Direct | 5.1.49 | ✅ |
CVE-2017-3589 | Low | 3.3 | mysql-connector-java-5.1.18.jar | Direct | 5.1.21 | ✅ |
CVE-2020-2933 | Low | 2.2 | mysql-connector-java-5.1.18.jar | Direct | 5.1.49 | ✅ |
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
Publish Date: 2017-04-24
URL: CVE-2017-3523
Base Score Metrics:
Type: Upgrade version
Origin: https://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Release Date: 2017-04-24
Fix Resolution: 5.1.21
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).
Publish Date: 2017-04-24
URL: CVE-2017-3586
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1444406
Release Date: 2017-04-24
Fix Resolution: 5.1.21
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Publish Date: 2019-04-23
URL: CVE-2019-2692
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jcq3-cprp-m333
Release Date: 2020-08-24
Fix Resolution: 5.1.48
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
Publish Date: 2020-04-15
URL: CVE-2020-2934
Base Score Metrics:
Type: Upgrade version
Origin: https://www.oracle.com/security-alerts/cpuapr2020.html
Release Date: 2020-04-15
Fix Resolution: 5.1.49
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
Publish Date: 2020-04-15
URL: CVE-2020-2875
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-15
Fix Resolution: 5.1.49
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Publish Date: 2017-04-24
URL: CVE-2017-3589
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3589
Release Date: 2017-04-24
Fix Resolution: 5.1.21
⛑️ Automatic Remediation is available for this issue
MySQL JDBC Type 4 driver
Library home page: http://dev.mysql.com/doc/connector-j/en/
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/mysql/mysql-connector-java/5.1.18/mysql-connector-java-5.1.18.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
Publish Date: 2020-04-15
URL: CVE-2020-2933
Base Score Metrics:
Type: Upgrade version
Origin: https://docs.oracle.com/javase/7/docs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING
Release Date: 2020-04-15
Fix Resolution: 5.1.49
⛑️ Automatic Remediation is available for this issue
The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping tools.
Library home page: http://www.mybatis.org/core/
Path to dependency file: /ksa-dao-context/pom.xml
Path to vulnerable library: /itory/org/mybatis/mybatis/3.1.1/mybatis-3.1.1.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-26945 | High | 8.1 | mybatis-3.1.1.jar | Direct | 3.5.6 | ✅ |
The MyBatis data mapper framework makes it easier to use a relational database with object-oriented applications. MyBatis couples objects with stored procedures or SQL statements using a XML descriptor or annotations. Simplicity is the biggest advantage of the MyBatis data mapper over object relational mapping tools.
Library home page: http://www.mybatis.org/core/
Path to dependency file: /ksa-dao-context/pom.xml
Path to vulnerable library: /itory/org/mybatis/mybatis/3.1.1/mybatis-3.1.1.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
MyBatis before 3.5.6 mishandles deserialization of object streams.
Publish Date: 2020-10-10
URL: CVE-2020-26945
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-10-26
Fix Resolution: 3.5.6
⛑️ Automatic Remediation is available for this issue
JUnit is a regression testing framework. It is used by the developer who implements unit tests in Java.
Library home page: http://junit.org
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/junit/junit/4.8.2/junit-4.8.2.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-15250 | Medium | 5.5 | junit-4.8.2.jar | Direct | 4.13.1 | ✅ |
JUnit is a regression testing framework. It is used by the developer who implements unit tests in Java.
Library home page: http://junit.org
Path to dependency file: /ksa-debug/pom.xml
Path to vulnerable library: /itory/junit/junit/4.8.2/junit-4.8.2.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.
Publish Date: 2020-10-12
URL: CVE-2020-15250
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-269g-pwp5-87pp
Release Date: 2020-10-12
Fix Resolution: 4.13.1
⛑️ Automatic Remediation is available for this issue
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-11023 | Medium | 6.1 | jquery-1.7.2.min.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ |
CVE-2020-11022 | Medium | 6.1 | jquery-1.7.2.min.js | Direct | jQuery - 3.5.0 | ❌ |
CVE-2015-9251 | Medium | 6.1 | jquery-1.7.2.min.js | Direct | jQuery - v3.0.0 | ❌ |
CVE-2019-11358 | Medium | 6.1 | jquery-1.7.2.min.js | Direct | 3.4.0 | ❌ |
CVE-2020-7656 | Medium | 6.1 | jquery-1.7.2.min.js | Direct | jquery - 1.9.0 | ❌ |
CVE-2012-6708 | Medium | 6.1 | jquery-1.7.2.min.js | Direct | jQuery - v1.9.0 | ❌ |
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable `__proto__` property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q4m3-2j7h-f7xw
Release Date: 2020-05-28
Fix Resolution: jquery - 1.9.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to vulnerable library: /-1.7.2.min.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192425/shiro-web-1.2.0.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2020-17510 | High | 9.8 | shiro-web-1.2.0.jar | Direct | 1.7.0 | ✅ |
CVE-2020-1957 | High | 9.8 | shiro-web-1.2.0.jar | Direct | 1.5.2 | ✅ |
CVE-2020-11989 | High | 9.8 | shiro-web-1.2.0.jar | Direct | 1.5.3 | ✅ |
CVE-2016-6802 | Medium | 5.6 | shiro-web-1.2.0.jar | Direct | 1.3.2 | ✅ |
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192425/shiro-web-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Publish Date: 2020-11-05
URL: CVE-2020-17510
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-11-05
Fix Resolution: 1.7.0
⛑️ Automatic Remediation is available for this issue
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192425/shiro-web-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Publish Date: 2020-03-25
URL: CVE-2020-1957
Base Score Metrics:
Type: Upgrade version
Origin: https://shiro.apache.org/news.html
Release Date: 2020-03-25
Fix Resolution: 1.5.2
⛑️ Automatic Remediation is available for this issue
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192425/shiro-web-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Publish Date: 2020-06-22
URL: CVE-2020-11989
Base Score Metrics:
Type: Upgrade version
Origin: https://issues.apache.org/jira/browse/SHIRO-753
Release Date: 2020-06-22
Fix Resolution: 1.5.3
⛑️ Automatic Remediation is available for this issue
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Path to dependency file: /ksa-web-core/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192425/shiro-web-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
Publish Date: 2016-09-20
URL: CVE-2016-6802
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-6802
Release Date: 2016-09-20
Fix Resolution: 1.3.2
⛑️ Automatic Remediation is available for this issue
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js
Path to vulnerable library: /bootstrap.js
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2019-8331 | Medium | 6.1 | bootstrap-2.1.0.js | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | ❌ |
CVE-2018-14040 | Medium | 6.1 | bootstrap-2.1.0.js | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | ❌ |
CVE-2018-14042 | Medium | 6.1 | bootstrap-2.1.0.js | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | ❌ |
CVE-2018-20676 | Medium | 6.1 | bootstrap-2.1.0.js | Direct | bootstrap - 3.4.0 | ❌ |
CVE-2016-10735 | Medium | 6.1 | bootstrap-2.1.0.js | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | ❌ |
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js
Path to vulnerable library: /bootstrap.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js
Path to vulnerable library: /bootstrap.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js
Path to vulnerable library: /bootstrap.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js
Path to vulnerable library: /bootstrap.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/2.1.0/bootstrap.js
Path to vulnerable library: /bootstrap.js
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Publish Date: 2019-01-09
URL: CVE-2016-10735
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Library home page: http://shiro.apache.org/
Path to dependency file: /ksa-service-root/ksa-security-service/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/shiro-core-1.2.0.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2021-41303 | High | 9.8 | shiro-core-1.2.0.jar | Direct | 1.8.0 | ✅ |
CVE-2020-13933 | High | 7.5 | shiro-core-1.2.0.jar | Direct | 1.6.0 | ✅ |
CVE-2014-0074 | High | 7.3 | shiro-core-1.2.0.jar | Direct | 1.2.3 | ✅ |
CVE-2016-4437 | Medium | 5.6 | shiro-core-1.2.0.jar | Direct | 1.2.5 | ✅ |
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Library home page: http://shiro.apache.org/
Path to dependency file: /ksa-service-root/ksa-security-service/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/shiro-core-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Apache Shiro before 1.8.0, when Shiro is used with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.
Publish Date: 2021-09-17
URL: CVE-2021-41303
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-f6jp-j6w3-w9hm
Release Date: 2021-09-17
Fix Resolution: 1.8.0
⛑️ Automatic Remediation is available for this issue
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Library home page: http://shiro.apache.org/
Path to dependency file: /ksa-service-root/ksa-security-service/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/shiro-core-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass.
Publish Date: 2020-08-17
URL: CVE-2020-13933
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-13933
Release Date: 2020-08-17
Fix Resolution: 1.6.0
⛑️ Automatic Remediation is available for this issue
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Library home page: http://shiro.apache.org/
Path to dependency file: /ksa-service-root/ksa-security-service/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/shiro-core-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Publish Date: 2014-10-06
URL: CVE-2014-0074
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-0074
Release Date: 2014-10-06
Fix Resolution: 1.2.3
⛑️ Automatic Remediation is available for this issue
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
Library home page: http://shiro.apache.org/
Path to dependency file: /ksa-service-root/ksa-security-service/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/shiro-core-1.2.0.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Publish Date: 2016-06-07
URL: CVE-2016-4437
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437
Release Date: 2016-06-07
Fix Resolution: 1.2.5
⛑️ Automatic Remediation is available for this issue
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /ksa-web-root/ksa-logistics-web/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/poi-3.8.jar
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
---|---|---|---|---|---|---|
CVE-2017-12626 | High | 7.5 | poi-3.8.jar | Direct | 3.17-beta1 | ✅ |
WS-2016-7061 | Medium | 4.8 | poi-3.8.jar | Direct | 3.16-beta1 | ✅ |
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /ksa-web-root/ksa-logistics-web/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/poi-3.8.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache POI versions prior to release 3.17 are vulnerable to denial-of-service attacks: 1) infinite loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) out-of-memory exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
Publish Date: 2018-01-29
URL: CVE-2017-12626
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-01-29
Fix Resolution: 3.17-beta1
⛑️ Automatic Remediation is available for this issue
Apache POI - Java API To Access Microsoft Format Files
Library home page: http://poi.apache.org/
Path to dependency file: /ksa-web-root/ksa-logistics-web/pom.xml
Path to vulnerable library: /NZFHA/downloadResource_WWVQKI/20220622192424/poi-3.8.jar
Dependency Hierarchy:
Found in HEAD commit: 6ff98937d8108e10b02d7d74ad01cac70cd3d78e
Found in base branch: master
Apache POI before 3.16-beta1 is vulnerable to a buffer overflow attack due to the lack of a sanity check on the length of embedded OLE10Native.
Publish Date: 2016-10-14
URL: WS-2016-7061
Base Score Metrics:
Type: Upgrade version
Release Date: 2016-10-14
Fix Resolution: 3.16-beta1
⛑️ Automatic Remediation is available for this issue