Light

ry0y4n / devops_flow-practice Goto Github PK

JavaScript 60.08% HTML 20.36% Vue 6.15% CSS 11.78% Dockerfile 1.62%

devops_flow-practice's Introduction

sample-vue-project

Project setup

npm install

Compiles and hot-reloads for development

npm run serve

Compiles and minifies for production

npm run build

Lints and fixes files

npm run lint

Customize configuration

See Configuration Reference.

devops_flow-practice's People

Contributors

Watchers

devops_flow-practice's Issues

vue-2.7.8.tgz: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - vue-2.7.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/postcss/package.json

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (vue version)	Remediation Possible**
CVE-2023-44270	Medium	5.3	postcss-8.4.16.tgz	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-44270

Vulnerable Library - postcss-8.4.16.tgz

Tool for transforming styles with JS plugins

Library home page: https://registry.npmjs.org/postcss/-/postcss-8.4.16.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/postcss/package.json

Dependency Hierarchy:

vue-2.7.8.tgz (Root Library)
- compiler-sfc-2.7.8.tgz
  - ❌ postcss-8.4.16.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

Publish Date: 2023-09-29

URL: CVE-2023-44270

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-7fh5-64p2-3v2j

Release Date: 2023-09-29

Fix Resolution: postcss - 8.4.31

Step up your Open Source Security Game with Mend here

ZAP Full Scan Report

Site: https://happy-forest-0a2041c10.1.azurestaticapps.net
New Alerts
- Content Security Policy (CSP) Header Not Set [10038] total: 3:
- Missing Anti-clickjacking Header [10020] total: 1:
  - https://happy-forest-0a2041c10.1.azurestaticapps.net/
- Proxy Disclosure [40025] total: 10:
- Sub Resource Integrity Attribute Missing [90003] total: 12:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 6:
- Permissions Policy Header Not Set [10063] total: 5:
- Strict-Transport-Security Header Not Set [10035] total: 2:
  - https://happy-forest-0a2041c10.1.azurestaticapps.net/robots.txt
  - https://happy-forest-0a2041c10.1.azurestaticapps.net/sitemap.xml
- Base64 Disclosure [10094] total: 1:
  - https://happy-forest-0a2041c10.1.azurestaticapps.net/js/app.8a4d68e3.js
- Information Disclosure - Suspicious Comments [10027] total: 1:
  - https://happy-forest-0a2041c10.1.azurestaticapps.net/js/chunk-vendors.95839c87.js
- Modern Web Application [10109] total: 3:
- Re-examine Cache-control Directives [10015] total: 1:
  - https://happy-forest-0a2041c10.1.azurestaticapps.net/
- Storable and Cacheable Content [10049] total: 7:

View the following link to download the report.
RunnerID:2874228174

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.