This project forked from microsoftdocs/mslearn-tailspin-spacegame-web
The :robot: Space Game ๐ website is a .NET Core app written in C# that's deployed to Linux container ๐ฆ
License: Creative Commons Attribution 4.0 International
๐ฑ Iโm currently learning everything
๐ฌ Ask me about Azure DevOps, GitHub, Visual Studio and Azure
๐ฅ 2023 Goals: Contribute more to Open Source projects, Learn AI/ML DevOps
๐ซ Reach me on twitter @Srivatsa91
โก Fun fact: Hike more, Worry less
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Vulnerable Library - lodash-4.17.14.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.14.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tmp/ws-scm/tailspin-spacegame-web/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
All versions of lodash are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays. This vulnerability may lead to Denial of Service or Code Execution.
Publish Date: 2020-04-28
URL: WS-2020-0070
CVSS 3 Score Details (8.1)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821
Release Date: 2019-04-23
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
The build server keeps falling over. The OS, Ubuntu 16.04, requires security patches and updates. It's also a challenge to keep build tools and other software up to date.
Vulnerable Library - node-sass-4.12.0.tgzWrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11696
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2665
Release Date: 2018-06-04
Fix Resolution: Libsass:3.5.5, Node-sass:4.14.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.2.0.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tmp/ws-scm/tailspin-spacegame-web/node_modules/mkdirp/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tmp/ws-scm/tailspin-spacegame-web/node_modules/meow/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-2.1.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Migrate source code to GitHub and define how we'll collaborate.
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2784
Release Date: 2019-08-29
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Add unit tests to the project to help minimize regression bugs.
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp
Release Date: 2019-07-01
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - kind-of-6.0.2.tgzGet the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tmp/ws-scm/tailspin-spacegame-web/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20149
Release Date: 2019-12-30
Fix Resolution: 6.0.3
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-06
Fix Resolution: LibSass - 3.6.3
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ajv-6.10.0.tgzAnother JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-6.10.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tmp/ws-scm/tailspin-spacegame-web/node_modules/ajv/package.json
Dependency Hierarchy:
Found in HEAD commit: 18bed90b3f61ffbe393dbb67ae624f4355632bcc
Vulnerability Details
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
CVSS 3 Score Details (5.6)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - yargs-parser-5.0.0.tgzthe mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tmp/ws-scm/tailspin-spacegame-web/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-11698
Release Date: 2018-06-04
Fix Resolution: Libsass-3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-2.1.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Release Date: 2018-12-04
Fix Resolution: Libsass:3.6.0
Step up your Open Source Security Game with WhiteSource here
Homepage has to be updated
Vulnerable Library - jquery-2.1.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
Use Application Insights
Vulnerable Library - node-sass-4.12.0.tgzWrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
Release Date: 2018-12-17
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Build rich, serverless scenarios by capitalizing on a range of Azure and external services. Easily interact with Azure Cosmos DB, Storage, and more and external services including Twilio, SendGrid, and othersโby adding input/output bindings to Functions. Save costs with less code to maintain.
Vulnerable Library - node-sass-4.12.0.tgzWrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
Publish Date: 2018-12-04
URL: CVE-2018-19837
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19837
Fix Resolution: 3.5.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - node-sass-4.12.0.tgzWrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: sass/libsass#2664
Release Date: 2018-06-04
Fix Resolution: Libsass:3.5.3, Node-sass:4.9.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-2.1.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /tailspin-spacegame-web/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
Found in HEAD commit: 18bed90b3f61ffbe393dbb67ae624f4355632bcc
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sass-4.12.0.tgz
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.12.0.tgz
Path to dependency file: /tmp/ws-scm/tailspin-spacegame-web/package.json
Path to vulnerable library: /tailspin-spacegame-web/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: b0b3d48aaceea77a25044e2dca9c3c0019a9a96d
Vulnerability Details
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - node-sassv4.14.1, opennmsopennms-source-22.0.1-1
Vulnerability Details
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Release Date: 2018-05-26
Fix Resolution: LibSass - 3.6.0
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
