customerwebstore's Issues
A new vulnerability was discovered: CVE-2020-28503
The package copy-props before 2.0.5 is vulnerable to Prototype Pollution via the main functionality.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212296
A new vulnerability was discovered: CVE-2020-7663
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/158831
A new vulnerability was discovered: debricked-124
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207145
A new vulnerability was discovered: debricked-149646
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207695
A new vulnerability was discovered: CVE-2020-28469
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/219853
A new vulnerability was discovered: CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/205848
A new vulnerability was discovered: CVE-2020-7774
This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187733
A new vulnerability was discovered: CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any wss: connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading faye-websocket to v0.11.0 is recommended.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/178067