diff --git a/packages/formatter-markdown/.gitignore b/packages/formatter-markdown/.gitignore
new file mode 100644
index 00000000000..9f5cb360f33
--- /dev/null
+++ b/packages/formatter-markdown/.gitignore
@@ -0,0 +1,2 @@
+src/assets/js/scan/get-message.js
+src/assets/js/scan/_locales
diff --git a/packages/formatter-markdown/.npmrc b/packages/formatter-markdown/.npmrc
new file mode 100644
index 00000000000..43c97e719a5
--- /dev/null
+++ b/packages/formatter-markdown/.npmrc
@@ -0,0 +1 @@
+package-lock=false
diff --git a/packages/formatter-markdown/LICENSE.txt b/packages/formatter-markdown/LICENSE.txt
new file mode 100644
index 00000000000..540e41dcbd4
--- /dev/null
+++ b/packages/formatter-markdown/LICENSE.txt
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright JS Foundation and other contributors, https://js.foundation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/packages/formatter-markdown/README.MD b/packages/formatter-markdown/README.MD new file mode 100644 index 00000000000..6053c250ca6 --- /dev/null +++ b/packages/formatter-markdown/README.MD 
@@ -0,0 +1,33 @@ +# Markdown (`@hint/formatter-markdown`) + +The `markdown` formatter outputs the result in a md file. + +![Example output for the Markdown formatter](images/example-markdown-report.png) + +A new folder `hint-report` will be created with the results. + +This package is installed automatically by webhint: + +```bash +npm install hint --save-dev +``` + +To use it, activate it via the [`.hintrc`][hintrc] configuration file: + +```json +{ + "connector": {...}, + "formatters": ["markdown"], + "hints": { + ... + }, + ... +} +``` + +**Note**: The recommended way of running webhint is as a `devDependency` of +your project. + + + +[hintrc]: https://webhint.io/docs/user-guide/configuring-webhint/summary/ diff --git a/packages/formatter-markdown/images/example-markdown-report.png b/packages/formatter-markdown/images/example-markdown-report.png new file mode 100644 index 00000000000..57c9c4633f4 Binary files /dev/null and b/packages/formatter-markdown/images/example-markdown-report.png differ diff --git a/packages/formatter-markdown/markdown-webhint-report.md b/packages/formatter-markdown/markdown-webhint-report.md new file mode 100644 index 00000000000..15099f98645 --- /dev/null +++ b/packages/formatter-markdown/markdown-webhint-report.md 
@@ -0,0 +1,51 @@ +# Webhint Report - 2020-10-02T20:19:10.489Z + +hints: + +## pwa + +✔ No issues + +## pitfalls + +✔ No issues + +## compatibility + +### Use charset 'utf-8': hints 1 + +[Why is this important](https://webhint.io/docs/user-guide/hints/hint-meta-charset-utf-8/#why-is-this-important) + +[How to fix it](https://webhint.io/docs/user-guide/hints/hint-meta-charset-utf-8/#examples-that-pass-the-hint) + +#### **💡Hint** 'charset' meta element should be the first thing in'' + +https://www.example.com/:4:4 + +``` html + +``` + +## security + +### No Vulnerable Libraries: hints 1 + +#### ⛔ **Error** 'Lo-Dash@4.17.15' has 2 known vulnerabilities (1 high, 1 medium) + +https://www.example.com/ + +## performance + +### Http Cache: hints 1 + +#### **⚠Warning** A 'cache-control' header contains directives that are not recommended: 'must revalidate' + +``` http +Cache-Control: private, max-age=31557600, must-revalidate +``` + +https://webhint.io/:-1:-1 + +--- + +Powered by [Webhint - 6.1.0](https://webhint.io/) diff --git a/packages/formatter-markdown/package.json b/packages/formatter-markdown/package.json new file mode 100644 index 00000000000..910c2376af7 --- /dev/null +++ b/packages/formatter-markdown/package.json 
@@ -0,0 +1,85 @@
+{
+ "name": "@hint/formatter-markdown",
+ "version": "0.0.1",
+ "description": "Webhint formatter that creates a Markdown file with the results of the webhint scan.",
+ "main": "dist/src/formatter.js",
+ "directories": {
+ "test": "tests"
+ },
+ "scripts": {
+ "build": "npm run i18n && npm-run-all build:*",
+ "build-release": "npm run clean && npm run i18n && npm run build:assets && tsc --inlineSourceMap false --removeComments true",
+ "build:assets": "cpx \"./{src,tests}/**/{!(*.ts),.!(ts)}\" dist",
+ "build:ts": "tsc -b",
+ "clean": "rimraf dist",
+ "i18n": "node ../../scripts/create-i18n.js",
+ "lint": "npm-run-all lint:*",
+ "lint:js": "eslint . --cache --ext .js,.md,.ts --ignore-path ../../.eslintignore",
+ "lint:dependencies": "node ../../scripts/lint-dependencies.js",
+ "lint:md": "node ../../scripts/lint-markdown.js",
+ "test": "npm run i18n && npm run lint && npm run build && npm run test-only",
+ "test-only": "nyc ava",
+ "test-release": "npm run i18n && npm run lint && npm run build-release && ava",
+ "watch": "npm run build && npm-run-all --parallel -c watch:*",
+ "watch:assets": "npm run build:assets -- -w --no-initial",
+ "watch:test": "ava --watch",
+ "watch:ts": "npm run build:ts -- --watch"
+ },
+ "nyc": {
+ "extends": "../../.nycrc"
+ },
+ "peerDependencies": {
+ "hint": "^6.0.0"
+ },
+ "repository": {
+ "directory": "packages/formatter-markdown",
+ "type": "git",
+ "url": "https://github.com/webhintio/hint.git"
+ },
+ "dependencies": {
+ "@hint/utils": "^7.0.6",
+ "@hint/utils-fs": "^1.0.5",
+ "@hint/utils-i18n": "^1.0.5",
+ "@hint/utils-types": "^1.1.0",
+ "lodash": "^4.17.20",
+ "fs-extra": "^9.0.1"
+ },
+ "devDependencies": {
+ "@types/node": "^14.11.1",
+ "@types/proxyquire": "^1.3.28",
+ "@types/sinon": "^9.0.5",
+ "@typescript-eslint/eslint-plugin": "^4.0.1",
+ "@typescript-eslint/parser": "^4.0.1",
+ "ava": "^3.12.1",
+ "cpx": "^1.5.0",
+ "eslint": "^7.8.1",
+ "eslint-plugin-import": "^2.22.0",
+ "eslint-plugin-markdown": "^1.0.2",
+ "npm-run-all": "^4.1.5",
+ "nyc": "^15.1.0",
+ "proxyquire": "^2.1.3",
+ "rimraf": "^3.0.2",
+ "sinon": "^9.0.3",
+ "typescript": "^4.0.2"
+ },
+ "files": [
+ "dist/src",
+ "images"
+ ],
+ "homepage": "https://webhint.io/",
+ "keywords": [
+ "markdown",
+ "webhint",
+ "webhint-formatter"
+ ],
+ "author": "",
+ "license": "Apache-2.0",
+ "ava": {
+ "failFast": false,
+ "files": [
+ "dist/tests/**/*.js",
+ "!dist/tests/**/fixtures/**/*.js"
+ ],
+ "timeout": "1m"
+ }
+}
diff --git a/packages/formatter-markdown/src/_locales/en/messages.json b/packages/formatter-markdown/src/_locales/en/messages.json
new file mode 100644
index 00000000000..e4cc175435a
--- /dev/null
+++ b/packages/formatter-markdown/src/_locales/en/messages.json
@@ -0,0 +1,30 @@
+{
+ "hints": {
+ "description": "Text for hints",
+ "message": "hints"
+ },
+ "howToFixIt": {
+ "description": "Text for the message How to fix it",
+ "message": "How to fix it"
+ },
+ "noIssues": {
+ "description": "Message to show when there is no issues in a category",
+ "message": "No issues"
+ },
+ "toLearnMore": {
+ "description": "Text to show when a third party library has details on",
+ "message": "To learn more visit"
+ },
+ "whyIsThisImportant": {
+ "description": "Text for the message Why is this important",
+ "message": "Why is this important"
+ },
+ "withTheHelpOf": {
+ "description": "Text to show when a third party library doesn't have details on",
+ "message": "With the help of"
+ },
+ "youCanView": {
+ "description": "Logging message to show to the user where the report was generated",
+ "message": "You can view the Markdown report in \"$1\""
+ }
+}
diff --git a/packages/formatter-markdown/src/configs/third-party-service-config.json b/packages/formatter-markdown/src/configs/third-party-service-config.json
new file mode 100644
index 00000000000..ffc8a98fc8e
--- /dev/null
+++ b/packages/formatter-markdown/src/configs/third-party-service-config.json
@@ -0,0 +1,36 @@
+{
+ "axe": {
+ "logo": {
+ "name": "axe",
+ "url": "/images/scan/axe.png",
+ "alt": "axe"
+ },
+ "link": "https://github.com/dequelabs/axe-core"
+ },
+ "ssllabs": {
+ "logo": {
+ "name": "ssllabs",
+ "url": "/images/scan/qualys-ssl-labs-logo.png",
+ "alt": "Qualys SSL Labs"
+ },
+ "details": true,
+ "link": "https://www.ssllabs.com/ssltest/analyze.html"
+ },
+ "no-vulnerable-javascript-libraries": {
+ "logo": {
+ "name": "snyk",
+ "url": "/images/scan/snyk.svg",
+ "alt": "snyk"
+ },
+ "link": "https://snyk.io/vuln/"
+ },
+ "image-optimization-cloudinary": {
+ "logo": {
+ "name": "cloudinary",
+ "url": "/images/scan/cloudinary_logo_for_white_bg.svg",
+ "alt": "Cloudinary"
+ },
+ "details": true,
+ "link": "https://webspeedtest.cloudinary.com"
+ }
+}
diff --git a/packages/formatter-markdown/src/formatter.ts b/packages/formatter-markdown/src/formatter.ts
new file mode 100644
index 00000000000..751792e7e79
--- /dev/null
+++ b/packages/formatter-markdown/src/formatter.ts
@@ -0,0 +1,243 @@ +import * as fs from 'fs-extra'; +import * as path from 'path'; +import { cwd } from 'process'; + +import { logger } from '@hint/utils'; +import { Problem, Category, Severity } from '@hint/utils-types'; +import { FormatterOptions, HintResources, IFormatter } from 'hint'; + +import AnalysisResult, { CategoryResult, HintResult } from './result'; + +import { MarkdownHelpers, HeaderCount } from './utils'; +import { getMessage as getMessageFormatter, MessageName } from './i18n.import'; + +/* + * ------------------------------------------------------------------------------ + * Utils + * ------------------------------------------------------------------------------ + */ + +const messagesFileName = 'messages.json'; + +/* istanbul ignore next */ +const getCategoryListFromResources = (resources: HintResources) => { + const categoriesArray: string[] = resources.hints.map((hint) => { + if (hint.meta.docs && hint.meta.docs.category) { + return hint.meta.docs.category; + } + + return Category.other; + }); + + // Clean duplicated values. + const categories: Set = new Set(categoriesArray); + + return Array.from(categories); +}; + +const getCategoryList = (resources?: HintResources): string[] => { + /* istanbul ignore if */ + if (resources) { + return getCategoryListFromResources(resources); + } + + const result: string[] = []; + + for (const [, value] of Object.entries(Category)) { + result.push(value); + } + + return result; +}; + +const createLanguageFile = async (language: string = 'en') => { + const rootPath = path.join(__dirname, '_locales'); + const languagesToCheck = [language]; + const languageParts = language.split('-'); + + /* + * Add to the list the 'main' language. + * e.g. en-US => en + */ + if (languageParts.length > 1) { + languagesToCheck.push(languageParts[0]); + } + + // Default to 'en'. 
+ let existingLanguage = 'en'; + + for (const lang of languagesToCheck) { + const file = path.join(rootPath, lang, messagesFileName); + + // fs.exists is deprecated so using the sync version instead. + if (fs.existsSync(file)) { // eslint-disable-line no-sync + existingLanguage = lang; + break; + } + } + + const orig = path.join(rootPath, existingLanguage, messagesFileName); + const dest = path.join(rootPath, messagesFileName); + + await fs.copyFile(orig, dest); +}; + +const removeLanguageFile = async () => { + await fs.unlink(path.join(__dirname, '_locales', messagesFileName)); +}; + +export default class MarkdownFormatter implements IFormatter { + + private language: string = ''; + + private getMessage(key: MessageName, substitutions?: string | string[]) { + return getMessageFormatter(key, this.language, substitutions); + } + + public async format(problems: Problem[], options: FormatterOptions = {}) { + + this.language = options.language!; + const target = options.target || ''; + const result = new AnalysisResult(target, options); + const categoryList: string[] = getCategoryList(options.resources); + + categoryList.forEach((category) => { + result.addCategory(category, this.language); + }); + + problems.forEach((message) => { + result.addProblem(message, this.language); + }); + + /* istanbul ignore if */ + if (options.resources) { + options.resources.hints.forEach((hintConstructor) => { + const categoryName: string = hintConstructor.meta.docs!.category!; + const hintId: string = hintConstructor.meta.id; + + const category: CategoryResult = result.getCategoryByName(categoryName)!; + const hint: HintResult | undefined = category.getHintByName(hintId); + + if (!hint) { + category.addHint(hintId, 'pass'); + } + }); + } + + try { + if (!options.noGenerateFiles) { + result.percentage = 100; + result.id = Date.now().toString(); + + await createLanguageFile(this.language); + + const markdown = this.createMarkdown(result); + + await removeLanguageFile(); + + // We save 
the result with the friendly target name + const name = target.replace(/:\/\//g, '-') + .replace(/:/g, '-') + .replace(/\./g, '-') + .replace(/\//g, '-') + .replace(/[?=]/g, '-query-') + .replace(/-$/, ''); + + const destDir = options.output || path.join(cwd(), 'hint-report'); + + const destination = path.join(destDir, `${name}.md`); + + await fs.outputFile(destination, markdown); + + logger.log(getMessageFormatter('youCanView', this.language, destination)); + } + + return result; + } catch (err) { + logger.error(err); + + throw err; + } + } + + /** + * Creates the markdown report of the webhint scan. + * @param result The webhint scan result. + */ + /* istanbul ignore next [too hard to test + should create something similar to the example file: + ./markdown-webhint-report.md] + */ + private createMarkdown(result: AnalysisResult) { + let markdown = ''; + + markdown += MarkdownHelpers.createHeader(`Webhint Report - ${result.date}`, HeaderCount.Title); + markdown += MarkdownHelpers.newLine; + markdown += `${this.getMessage('hints')}: ${result.hintsCount}`; + markdown += MarkdownHelpers.newLine; + + markdown += result.categories.map((category) => { + let categoryInfo = ''; + + categoryInfo += MarkdownHelpers.createHeader(category.name, HeaderCount.Category); + categoryInfo += MarkdownHelpers.newLine; + + if (category.hints.length === 0) { + categoryInfo += `\u2714 ${this.getMessage('noIssues')}`; + categoryInfo += MarkdownHelpers.newLine; + } + + categoryInfo += category.hints.map((hint) => { + let hintInfo = ''; + + hintInfo += MarkdownHelpers.createHeader(`${hint.name}: ${hint.count} hints`, HeaderCount.Hint); + hintInfo += MarkdownHelpers.newLine; + + if (hint.problems.length > 0) { + hintInfo += MarkdownHelpers.getHintLevelSummary(hint.problems); + hintInfo += MarkdownHelpers.newLine; + } + + if (hint.hasDoc) { + hintInfo += MarkdownHelpers.createLink(this.getMessage('whyIsThisImportant'), 
`https://webhint.io/docs/user-guide/hints/hint-${hint.name}/#why-is-this-important`); + hintInfo += MarkdownHelpers.newLine; + hintInfo += MarkdownHelpers.createLink(this.getMessage('howToFixIt'), `https://webhint.io/docs/user-guide/hints/hint-${hint.name}/#examples-that-pass-the-hint`); + hintInfo += MarkdownHelpers.newLine; + } + + if (hint.thirdPartyInfo) { + hintInfo += MarkdownHelpers.createLink(`${this.getMessage('toLearnMore')} ${hint.thirdPartyInfo.logo.alt}`, hint.thirdPartyInfo.link); + hintInfo += MarkdownHelpers.newLine; + } + + hintInfo += hint.problems.map((problem) => { + let problemInfo = ''; + + problemInfo += MarkdownHelpers.createHeader(`${MarkdownHelpers.getSeverityIcon(problem.severity)} **${Severity[problem.severity]}** - ${problem.message}`, HeaderCount.Message); + problemInfo += MarkdownHelpers.newLine; + + problemInfo += `${problem.resource}:${problem.location.line}:${problem.location.column}`; + problemInfo += MarkdownHelpers.newLine; + + if (problem.sourceCode) { + problemInfo += MarkdownHelpers.createCodeSnippet(problem.sourceCode, problem.codeLanguage); + } + + return problemInfo; + }).join(MarkdownHelpers.newLine); + + return hintInfo; + }).join(MarkdownHelpers.newLine); + + return categoryInfo; + }).join(MarkdownHelpers.newLine); + + markdown += MarkdownHelpers.horizontalRule; + markdown += MarkdownHelpers.newLine; + markdown += `Powered by ${MarkdownHelpers.createLink( + `Webhint${result.version ? ` - ${result.version}` : ''}`, + 'https://webhint.io/')}`; + + return markdown; + } +} diff --git a/packages/formatter-markdown/src/result.ts b/packages/formatter-markdown/src/result.ts new file mode 100644 index 00000000000..a5afc8cb387 --- /dev/null +++ b/packages/formatter-markdown/src/result.ts 
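Review bot: In `format()`, the report file name is derived from `target` by replacing a fixed list of characters (`://`, `:`, `.`, `/`, `?`, `=`), so anything else in the scanned URL (a backslash, `#`, `&`, `%`, `*`, quotes, control characters) reaches the `path.join(destDir, ...)` call unchanged. On Windows a backslash is a path separator and `fs.outputFile` creates missing parent directories, so the name can stop being a single path segment. Finishing the chain with an allowlist such as `.replace(/[^\w-]+/g, '-')` avoids this, and an empty `target` should get a fallback name rather than producing `.md`. Separately, `removeLanguageFile()` runs only when `createMarkdown()` returns normally, so a throw leaves the copied `messages.json` in the package's `_locales` directory, and concurrent `format()` calls share that one path. Moving the cleanup into a `finally` would cover the first case.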
@@ -0,0 +1,339 @@ +import * as path from 'path'; + +import cloneDeep = require('lodash/cloneDeep'); + +import { Category, Problem, Severity } from '@hint/utils-types'; +import { loadJSONFile } from '@hint/utils-fs'; +import { getCategoryName } from '@hint/utils-i18n'; +import { FormatterOptions } from 'hint'; + +const thirdPartyServices = loadJSONFile(path.join(__dirname, 'configs', 'third-party-service-config.json')); +const hintsWithoutDocs = ['optimize-image']; + +/** Third party logo type. */ +type ThirdPartyLogo = { + name: string; + url: string; + alt: string; +}; + +/** Third party information. */ +type ThirdPartyInfo = { + logo: ThirdPartyLogo; + link: string; + details?: boolean; +}; + +/** + * Represents information about a Hint. + */ +export class HintResult { + /** Status of hint. */ + public status: string; + /** Number of suggestions reported for this hint. */ + public count: number; + /** Suggestions reported for this hint. */ + public problems: Problem[]; + /** Name of the hint. */ + public name: string; + /** Third party information (when apply). */ + public thirdPartyInfo: ThirdPartyInfo; + /** Indicate if there is documentation for this hint. */ + public hasDoc: boolean; + + public constructor(name: string, status: string, url: string, isScanner: boolean) { + const baseName = name.split('/')[0]; + + this.problems = []; + + this.name = name; + this.status = status; + this.count = 0; + + // Use `baseName` so multi-hints like `axe/aria` map to `axe`. + this.thirdPartyInfo = thirdPartyServices[baseName] ? cloneDeep(thirdPartyServices[baseName]) : null; + + if (this.thirdPartyInfo) { + this.thirdPartyInfo.link.replace(/%URL%/, url); + if (!isScanner) { + this.thirdPartyInfo.logo.url = this.thirdPartyInfo.logo.url.substr(1); + } + } + + this.hasDoc = !hintsWithoutDocs.includes(name); + } + + /** + * Add a new suggestion to the hint. + * @param problem New suggestion. 
+ */ + public addProblem(problem: Problem) { + this.problems.push(problem); + this.count++; + } +} + +/** + * Represents the information about a Category. + */ +export class CategoryResult { + /** Number of suggestions in the category. */ + public hintsCount: number; + /** Hints that have passed. */ + public passed: HintResult[]; + /** Hints that have not passed. */ + public hints: HintResult[]; + /** Category name. */ + public name: string; + /** Localized category name. */ + public localizedName: string; + /** Category status. */ + public status: string; + /** Cache HintResults. */ + private cache: Map = new Map(); + /** URL analyzed. */ + public url: string; + /** Is the result generated for the online scanner. */ + private isScanner: boolean; + + public constructor(name: string, url: string, isScanner: boolean, language?: string) { + this.hints = []; + this.passed = []; + this.name = name; + this.localizedName = getCategoryName(name.toLowerCase() as Category, language); + + this.hintsCount = 0; + + this.isScanner = isScanner; + + this.status = 'finished'; + this.url = url; + } + + /** + * Return a Hint given a name. + * @param name Hint name to get. + */ + public getHintByName(name: string): HintResult | undefined { + const lowerCaseName = name.toLowerCase(); + let hint = this.cache.get(lowerCaseName); + + if (!hint) { + hint = this.hints.find((hi: HintResult) => { + return hi.name.toLowerCase() === lowerCaseName; + }); + + if (hint) { + this.cache.set(lowerCaseName, hint); + } + } + + return hint; + } + + /** + * Add a new Hint given a name and the status. + * @param name Hint name. + * @param status Hint status. 
+ */ + public addHint(name: string, status: string): HintResult { + let hint = this.getHintByName(name); + + if (hint) { + return hint; + } + + hint = new HintResult(name, status, this.url, this.isScanner); + + if (status === 'pass') { + this.passed.push(hint); + } else { + this.hints.push(hint); + } + + return hint; + } + + /** + * Add a new suggestion to the categoroy. + * @param problem Hint suggestion. + */ + public addProblem(problem: Problem) { + const hintId = problem.hintId; + + let hint = this.getHintByName(hintId); + + if (!hint) { + hint = new HintResult(hintId, Severity[problem.severity].toString(), this.url, this.isScanner); + + this.hints.push(hint); + } + + if (problem.severity !== Severity.off && problem.severity !== Severity.default) { + this.hintsCount++; + } + + hint.addProblem(problem); + } +} + +/** + * Represents the result of an analysis. + */ +export default class AnalysisResult { + /** Number of suggestions. */ + public hintsCount: number; + /** Scan time. */ + public scanTime: string; + /** When the scan was started (started in the online scanner). */ + public date: string; + /** webhint version. */ + public version?: string; + /** Link to the result (online scanner). */ + public permalink: string; + /** List of categories. */ + public categories: CategoryResult[]; + /** URL analyzed. */ + public url: string; + /** The analysis is finish. */ + public isFinish: boolean; + /** Status of the analysis. */ + public status: string; + /** Analysis id (mostly for the online scanner). */ + public id: string; + /** If the results was generated in the online scanner. */ + public isScanner: boolean; + /** Precentage of the analysis completed. */ + public percentage: number; + /** Indicate if it is necessary to show the error message. */ + public showError: boolean; + /** Cache for CategorieResults. 
*/ + private cache: Map = new Map(); + + public constructor(target: string, options: FormatterOptions) { + this.url = target; + this.hintsCount = 0; + this.status = options.status ? options.status : 'finished'; + // Question: Should we have this here or in webhint.io? + this.isFinish = this.status === 'finished' || this.status === 'error'; + this.showError = this.status === 'error'; + this.scanTime = this.parseScanTime(options.scanTime || 0); + this.date = options.date!; + this.version = options.version; + this.permalink = ''; + this.id = ''; + this.isScanner = !!options.isScanner; + this.percentage = 0; + + this.categories = []; + } + + /** + * Add a 0 to a time string if needed. + */ + private pad = (timeString: string): string => { + return timeString && timeString.length === 1 ? `0${timeString}` : timeString; + }; + + /** + * Return a string representing the time. + * @param scanTime Time in milliseconds. + */ + private parseScanTime(scanTime: number): string { + const seconds = Math.floor((scanTime / 1000) % 60); + const minutes = Math.floor((scanTime / 1000 / 60) % 60); + const hours = Math.floor((scanTime / 1000 / 3600)); + + const minutesDisplay = this.pad(`${minutes}`); + const secondsDisplay = this.pad(`${seconds}`); + let time = `${minutesDisplay}:${secondsDisplay}`; + + if (hours > 0) { + const hoursDisplay = this.pad(`${hours}`); + + time = `${hours}:${time}`; + time = `${hoursDisplay}:${time}`; + } + + return time; + } + + /** + * Return a category given a name. + * @param name Category name. + */ + public getCategoryByName(name: string): CategoryResult | undefined { + const lowerCaseName = name.toLowerCase(); + let category = this.cache.get(lowerCaseName); + + if (!category) { + category = this.categories.find((cat: CategoryResult) => { + return cat.name.toLowerCase() === lowerCaseName; + }); + + if (category) { + this.cache.set(lowerCaseName, category); + } + } + + return category; + } + + /** + * Add a suggestion to the result. 
+ * @param problem New suggestion. + */ + public addProblem(problem: Problem, language?: string): void { + const categoryName: string = problem.category; + + let category: CategoryResult | undefined = this.getCategoryByName(categoryName); + + if (!category) { + category = new CategoryResult(categoryName, this.url, this.isScanner, language); + + this.categories.push(category); + } + + if (problem.severity === Severity.error || problem.severity === Severity.warning) { + this.hintsCount++; + } + + category.addProblem(problem); + } + + /** + * Add a new category to the result. + * @param categoryName Category name. + */ + public addCategory(categoryName: string, language?: string): void { + let category = this.getCategoryByName(categoryName); + + if (category) { + return; + } + + category = new CategoryResult(categoryName, this.url, this.isScanner, language); + + this.categories.push(category); + } + + /** + * Remove a category from the results. + * @param categoryName Category name. + */ + public removeCategory(categoryName: string): void { + const name = categoryName.toLowerCase(); + + const category = this.getCategoryByName(name); + + if (category) { + this.hintsCount -= category.hintsCount; + + const index = this.categories.indexOf(category); + + this.categories.splice(index, 1); + + this.cache.delete(name); + } + } +} diff --git a/packages/formatter-markdown/src/utils.ts b/packages/formatter-markdown/src/utils.ts new file mode 100644 index 00000000000..46359292c0c --- /dev/null +++ b/packages/formatter-markdown/src/utils.ts 
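Review bot: In the `HintResult` constructor, `this.thirdPartyInfo.link.replace(/%URL%/, url);` discards its return value, so the link is never changed; it should read `this.thirdPartyInfo.link = this.thirdPartyInfo.link.replace(/%URL%/, url);`. None of the links in the `third-party-service-config.json` added by this commit contain `%URL%`, so the line currently has no effect either way. If a placeholder is added later, the scanned URL is untrusted and should be URL-encoded before it is substituted into a Markdown link. In `parseScanTime`, the `hours > 0` branch assigns `time` twice, first with the raw `hours` and then with `hoursDisplay`, so the hours appear twice in the result; the first assignment should be dropped. `thirdPartyInfo` is also assigned `null` although it is declared as `ThirdPartyInfo`, so the type should be `ThirdPartyInfo | null`.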
@@ -0,0 +1,128 @@
+import { Problem } from '@hint/utils-types';
+import { Severity } from '@hint/utils-types';
+
+export enum HeaderCount {
+ Title = 1,
+ Category = 2,
+ Hint = 3,
+ Message = 4
+}
+
+/**
+ * Markdown Helpers.
+ */
+export class MarkdownHelpers {
+
+ /**
+ * Gets the severity unicode icon..
+ * @param severity The severity level.
+ */
+ public static getSeverityIcon(severity: Severity): string {
+ switch (severity) {
+ case Severity.error:
+ // No Entry - ⛔
+ return '\u26D4';
+ case Severity.warning:
+ // Warning - ⚠
+ return '\u26A0';
+ case Severity.hint:
+ // Lightbulb - 💡
+ return '\u1F4A1';
+ case Severity.information:
+ // Information - ℹ
+ return '\u2139';
+ default:
+ return '';
+ }
+ }
+
+ /**
+ * Gets the amount of problems depending on the severity.
+ * @param problems The list of problems.
+ * @param severity The severity to search for.
+ */
+ public static getHintLevelSummary(problems: Problem[]) {
+ const severities = [
+ Severity.error,
+ Severity.warning,
+ Severity.hint,
+ Severity.information
+ ];
+
+ const list = severities.map((severity) => {
+ const hintCount = this.getAmountOfHintsBySeverity(problems, severity);
+
+ if (hintCount > 0) {
+ return `* ${Severity[severity]}: ${hintCount}`;
+ }
+
+ return null;
+ });
+
+ return list.filter((s) => {
+ return s !== null;
+ }).join(this.newLine);
+ }
+
+ /**
+ * Gets the amount of problems depending on the severity.
+ * @param problems The list of problems.
+ * @param severity The severity to search for.
+ */
+ private static getAmountOfHintsBySeverity(problems: Problem[], severity: Severity) {
+ return problems.filter((problem) => {
+ return problem.severity === severity;
+ }).length;
+ }
+
+ /**
+ * Creates the markdown headers of any size.
+ * @param header The header text.
+ * @param level The header level e.g. h3 / ###.
+ */
+ public static createHeader(header: string, level: number): string {
+ // Add 1 to account for added whitespace between # and text.
+ const sizeofStringAfter = header.length + 1 + level;
+
+ return level > 0 ? ` ${header}`.padStart(sizeofStringAfter, '#') : header;
+ }
+
+ /**
+ * Creates Link or images.
+ * @param text The text or alt text.
+ * @param link The link or image link.
+ * @param displayImage A value indicating whether the link should be treated as an image.
+ */
+ public static createLink(text: string, link: string, displayImage: boolean = false): string {
+ return `${displayImage ? '!' : ''}[${text}](${link})`;
+ }
+
+ /**
+ * Creates the code snippets.
+ * @param code The code to display.
+ * @param language The language of the code. Defaults to HTML as the language since webhint doesnt specify a language if html.
+ */
+ public static createCodeSnippet(code: string, language: string | null | undefined): string {
+ const codeSnippet =
+ `
+\`\`\` ${language ? language : 'html'}
+${code}
+\`\`\`
+`;
+
+ return codeSnippet;
+ }
+
+ /**
+ * Markdown Horizontal rule.
+ */
+ public static horizontalRule = '---';
+
+ /**
+ * The New line/Carriage return.
+ */
+ public static newLine =
+ `
+
+`;
+}
diff --git a/packages/formatter-markdown/tests/fixtures/list-of-problems.ts b/packages/formatter-markdown/tests/fixtures/list-of-problems.ts
new file mode 100644
index 00000000000..93fdc69467c
--- /dev/null
+++ b/packages/formatter-markdown/tests/fixtures/list-of-problems.ts
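Review bot: `createCodeSnippet` places `code` inside a fixed three-backtick fence and `createLink` interpolates `text` and `link` unescaped, so a value containing a backtick run, `]` or `)` closes the construct early and the remainder is rendered as live markdown. If these arguments carry `sourceCode`, messages or resource URLs taken from the scanned page (the callers are outside this hunk, so that is an assumption), the report should treat them as untrusted: size the fence from the longest backtick run in `code`, and escape or percent-encode the link parts. Separately, `'\u1F4A1'` in `getSeverityIcon` is read as U+1F4A followed by the digit 1 rather than the lightbulb; `'\u{1F4A1}'` gives the intended character.

```typescript
public static createCodeSnippet(code: string, language: string | null | undefined): string {
    // Use a fence one backtick longer than the longest run inside the snippet,
    // so content copied from a scanned page cannot terminate the block.
    const runs = code.match(/`+/g) || [];
    const longest = runs.reduce((max, run) => Math.max(max, run.length), 0);
    const fence = '`'.repeat(Math.max(3, longest + 1));

    return `\n${fence} ${language ? language : 'html'}\n${code}\n${fence}\n`;
}
```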
@@ -0,0 +1,107 @@ +import { Category, Problem, Severity } from '@hint/utils-types'; + +const multipleproblems: Problem[] = [{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 10, + line: 1 + }, + message: 'This is a problem in line 1 column 10', + resource: 'http://myresource.com/', + severity: Severity.warning, + sourceCode: '' +}, +{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 1, + line: 10 + }, + message: 'This is a problem in line 10', + resource: 'http://myresource.com/', + severity: Severity.warning, + sourceCode: '' +}, +{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 1, + line: 5 + }, + message: 'This is a problem in line 5', + resource: 'http://myresource.com/', + severity: Severity.warning, + sourceCode: '' +}, +{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 1, + line: 1 + }, + message: 'This is a problem in line 1 column 1', + resource: 'http://myresource.com/', + severity: Severity.error, + sourceCode: '' +}, +{ + category: Category.development, + hintId: 'axe', + location: { + column: 1, + line: 1 + }, + message: 'This is a problem in line 1 column 1', + resource: 'http://myresource.com/', + severity: Severity.error, + sourceCode: '' +}]; + +const oneOfEachSeverity: Problem[] = [{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 10, + line: 1 + }, + message: 'This is a problem in line 1 column 10', + resource: 'http://myresource.com/', + severity: Severity.error, + sourceCode: '' +}, +{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 1, + line: 10 + }, + message: 'This is a problem in line 10', + resource: 'http://myresource.com/', + severity: Severity.warning, + sourceCode: '' +}, +{ + category: Category.other, + hintId: 'random-hint', + location: { + column: 1, + line: 5 + }, + message: 'This is a problem in line 5', + resource: 'http://myresource.com/', + severity: 
Severity.hint, + sourceCode: '' +}]; + +const noproblems: Problem[] = []; + +export { + multipleproblems, + noproblems, + oneOfEachSeverity +}; diff --git a/packages/formatter-markdown/tests/tests.ts b/packages/formatter-markdown/tests/tests.ts new file mode 100644 index 00000000000..eb62146ac46 --- /dev/null +++ b/packages/formatter-markdown/tests/tests.ts 
@@ -0,0 +1,338 @@ +import * as path from 'path'; + +import anyTest, { TestInterface, ExecutionContext } from 'ava'; +import * as proxyquire from 'proxyquire'; +import * as sinon from 'sinon'; +import { Category, Severity } from '@hint/utils-types'; + +import Result, { CategoryResult } from '../src/result'; +import * as problems from './fixtures/list-of-problems'; +import { MarkdownHelpers } from '../src/utils'; +import { Problem } from '@hint/utils-types'; + +type FsExtra = { + copyFile: () => void; + existsSync: () => boolean; + outputFile: (path: string) => void; + readFile: () => string; + readFileSync: () => string; + unlink: () => void; +}; + +type MarkdownContext = { + fsExtra: FsExtra; +}; + +const test = anyTest as TestInterface; + +const initContext = (t: ExecutionContext) => { + t.context.fsExtra = { + copyFile() { }, + existsSync() { + return true; + }, + outputFile(path: string) { }, + readFile() { + return ''; + }, + readFileSync() { + return ''; + }, + unlink() { } + }; +}; + +const loadScript = (context: MarkdownContext) => { + const script = proxyquire('../src/formatter', { + '@hint/utils-fs': { + readFileAsync() { + return ''; + } + }, + 'fs-extra': { + '@noCallThru': true, + ...context.fsExtra + } + }); + + return script.default; +}; + +test.beforeEach(initContext); + +test(`Markdown formatter returns the right object`, async (t) => { + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + + const result: Result = await formatter.format(problems.noproblems, { noGenerateFiles: true, target: 'http://example.com' }); + + t.plan((result.categories.length * 2) + 2); + + t.is(result.categories.length, 8); + t.is(result.hintsCount, 0); + + result.categories.forEach((cat) => { + t.is(cat.hints.length, 0); + t.is(cat.hintsCount, 0); + }); +}); + +test(`Markdown formatter returns the right number of errors and warnings`, async (t) => { + const MarkdownFormatter = loadScript(t.context); + const formatter = new 
MarkdownFormatter(); + + const result: Result = await formatter.format(problems.multipleproblems, { + noGenerateFiles: true, + target: 'http://example.com' + }); + + t.plan(13); + + t.is(result.categories.length, 8); + t.is(result.hintsCount, 5); + + const otherCategory = result.getCategoryByName(Category.other); + const devCategory = result.getCategoryByName(Category.development); + + if (otherCategory) { + t.is(otherCategory.hints.length, 1); + t.is(otherCategory.hintsCount, 4); + + const hint = otherCategory.getHintByName('random-hint'); + + if (hint) { + t.is(hint.problems.length, 4); + t.is(hint.count, 4); + } + } + + if (devCategory) { + t.is(devCategory.hints.length, 1); + t.is(devCategory.hintsCount, 1); + + const hint = devCategory.getHintByName('axe'); + + if (hint) { + t.is(hint.problems.length, 1); + t.is(hint.count, 1); + t.is(hint.thirdPartyInfo.link, 'https://github.com/dequelabs/axe-core'); + } + } + + result.removeCategory(Category.development); + + t.is(result.categories.length, 7); + t.is(result.hintsCount, 4); +}); + +test(`Markdown formatter return the right value for isFinish`, async (t) => { + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + + const result: Result = await formatter.format(problems.multipleproblems, { + noGenerateFiles: true, + status: 'error', + target: 'http://example.com' + }); + + t.is(result.isFinish, true); +}); + +test(`Markdown formatter return the right scan time`, async (t) => { + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + + const result: Result = await formatter.format(problems.multipleproblems, { + noGenerateFiles: true, + scanTime: 4500000, + target: 'http://example.com' + }); + + t.is(result.scanTime, '01:15:00'); +}); + +test(`Markdown formatter return the right third party logo url`, async (t) => { + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + + const result1: 
Result = await formatter.format(problems.multipleproblems, { + noGenerateFiles: true, + target: 'http://example.com' + }); + const result2: Result = await formatter.format(problems.multipleproblems, { + isScanner: true, + noGenerateFiles: true, + target: 'http://example.com' + }); + + const category1 = result1.getCategoryByName(Category.development); + const category2 = result2.getCategoryByName(Category.development); + + t.plan(2); + + if (category1 && category2) { + const axe1 = category1.getHintByName('axe'); + const axe2 = category2.getHintByName('axe'); + + if (axe1) { + t.is(axe1.thirdPartyInfo.logo.url, 'images/scan/axe.png'); + } + + if (axe2) { + t.is(axe2.thirdPartyInfo.logo.url, '/images/scan/axe.png'); + } + } +}); + +test(`Markdown formatter create copy and generate the right files`, async (t) => { + const sandbox = sinon.createSandbox(); + + const fsExtraCopySpy = sandbox.spy(t.context.fsExtra, 'copyFile'); + const fsExtraOutputFileSpy = sandbox.spy(t.context.fsExtra, 'outputFile'); + + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + + await formatter.format(problems.noproblems, { + config: {}, + target: 'http://example.com' + }); + + t.true(fsExtraCopySpy.calledOnce); + t.is(fsExtraOutputFileSpy.callCount, 1, 'The output spy count is wrong'); + + sandbox.restore(); +}); + +test(`Markdown formatter create copy and generate the right files if an output is provided`, async (t) => { + const sandbox = sinon.createSandbox(); + + const fsExtraCopyFileSpy = sandbox.spy(t.context.fsExtra, 'copyFile'); + const fsExtraOutputFileSpy = sandbox.spy(t.context.fsExtra, 'outputFile'); + const fsExtraUnlinkSpy = sandbox.spy(t.context.fsExtra, 'unlink'); + + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + const outputFolder = path.join(process.cwd(), 'outputfolder'); + + await formatter.format(problems.noproblems, { + config: {}, + output: outputFolder, + target: 
'http://example.com' + }); + + t.true(fsExtraCopyFileSpy.calledOnce); + t.is(fsExtraOutputFileSpy.callCount, 1); + t.true(fsExtraOutputFileSpy.args[0][0].includes(outputFolder)); + t.true(fsExtraUnlinkSpy.calledOnce); + + sandbox.restore(); +}); + +test(`Markdown formatter shoudn't copy and generate any file if option noGenerateFiles is passed`, async (t) => { + const sandbox = sinon.createSandbox(); + + const fsExtraCopySpy = sandbox.spy(t.context.fsExtra, 'copyFile'); + const fsExtraOutputFileSpy = sandbox.spy(t.context.fsExtra, 'outputFile'); + + const MarkdownFormatter = loadScript(t.context); + const formatter = new MarkdownFormatter(); + + await formatter.format(problems.noproblems, { + noGenerateFiles: true, + target: 'http://example.com' + }); + + t.false(fsExtraCopySpy.called); + t.false(fsExtraOutputFileSpy.called); + + sandbox.restore(); +}); + +test('Create header should create a header with the relevant amount of #s', (t) => { + const hashCount = 4; + const title = 'Test'; + const hashStringExpected = '#### Test'; + + const result = MarkdownHelpers.createHeader(title, hashCount); + + t.is(result, hashStringExpected, 'Create header should create a header with the right amount of hashes while add the title'); +}); + +test('Code snippet should default to HTML when no language given', (t) => { + const result = MarkdownHelpers.createCodeSnippet('

Test

', null); + + t.assert(result.includes('html'), 'Code should default to html when no language provided'); +}); + +test('When getting a severity icon a string must always be returned.', (t) => { + + const severities = [ + Severity.default, + Severity.error, + Severity.hint, + Severity.information, + Severity.warning, + Severity.off + ]; + + t.plan(severities.length); + + severities.forEach((severity) => { + const result = MarkdownHelpers.getSeverityIcon(severity); + + t.assert(result || result === '', `A string was not returned ${severity}`); + }); +}); + +test('When a markdown image is requested from the Link creator a valid markdown image should be returned', (t) => { + const altText = 'alternate text'; + const image = 'some-image.jpg'; + + const expected = `![${altText}](${image})`; + const actual = MarkdownHelpers.createLink(altText, image, true); + + t.is(actual, expected, `link is invalid actual ${actual}`); +}); + +test('Adding a hint that passes should increase the size of the passed hints', (t) => { + const hintName = 'TestHint'; + const status = 'pass'; + const res = new CategoryResult('SomeName', 'https://example.com', false); + const before = res.passed.length; + + res.addHint(hintName, status); + + t.assert(before < res.passed.length); +}); + +test('Adding a hint that passes should increase the size of hints', (t) => { + const hintName = 'TestHint'; + const status = 'fail'; + const res = new CategoryResult('SomeName', 'https://example.com', false); + const before = res.hints.length; + + res.addHint(hintName, status); + + t.assert(before < res.hints.length); +}); + +test('Having no problems will result in return an empty string', (t) => { + const arrayOfProblems: Problem[] = []; + + const response = MarkdownHelpers.getHintLevelSummary(arrayOfProblems); + + t.assert(response === ''); +}); + +test('Having a problems will result in return an string with three *s for each severity', (t) => { + const arrayOfProblems: Problem[] = problems.oneOfEachSeverity; + 
+ const expected = 3; + const response = MarkdownHelpers.getHintLevelSummary(arrayOfProblems); + const amountOfStars = response.split('').filter((c) => { + return c === '*'; + }).length; + + t.assert(amountOfStars === expected); +}); diff --git a/packages/formatter-markdown/tsconfig.json b/packages/formatter-markdown/tsconfig.json new file mode 100644 index 00000000000..f705bd74d20 --- /dev/null +++ b/packages/formatter-markdown/tsconfig.json @@ -0,0 +1,22 @@ +{ + "compilerOptions": { + "outDir": "dist", + "strict": true + }, + "exclude": [ + "dist", + "node_modules" + ], + "extends": "../../tsconfig.json", + "include": [ + "src/**/*.ts", + "tests/**/*.ts" + ], + "references": [ + { "path": "../hint" }, + { "path": "../utils" }, + { "path": "../utils-fs" }, + { "path": "../utils-i18n" }, + { "path": "../utils-types" } + ] +} diff --git a/packages/hint-no-vulnerable-javascript-libraries/src/snyk-snapshot.json b/packages/hint-no-vulnerable-javascript-libraries/src/snyk-snapshot.json index 0515a0d2eef..b93405d97fc 100644 --- a/packages/hint-no-vulnerable-javascript-libraries/src/snyk-snapshot.json +++ b/packages/hint-no-vulnerable-javascript-libraries/src/snyk-snapshot.json 
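Review bot: The severity-icon test asserts `result || result === ''`, which holds for any non-empty string, so it cannot tell a correct icon from a wrong code point or a mis-parsed escape sequence. Pin the expected character per severity instead, for example `t.is(MarkdownHelpers.getSeverityIcon(Severity.hint), '\u{1F4A1}');`, and keep the empty-string expectation only for the severities that reach the default branch. The `createCodeSnippet` and `createLink` tests likewise cover only benign input; a case whose `code` contains a backtick fence and one whose link text contains `]` would document how the helpers behave on content taken from a scanned page.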
@@ -1,25160 +1 @@ -{ - "npm": { - "ag-grid": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-AGGRID-11107" - ], - "creationTime": "2018-06-03T08:45:01.140000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.1, - "disclosureTime": "2017-10-16T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "14.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:ag-grid:20171016", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-AGGRID-11107" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:22.722429Z", - "moduleName": "ag-grid", - "packageManager": "npm", - "packageName": "ag-grid", - "patches": [], - "publicationTime": "2018-06-03T13:45:51Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/dominikg/ag-grid/commit/28625a36bf5a3d98081f44ef73d548e0191dfc2a" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/ag-grid/ag-grid/issues/1961" - } - ], - "semver": { - "vulnerable": [ - ">=13.0.0 <14.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-AGGRID-10432" - ], - "creationTime": "2017-03-16T09:05:41.103000Z", - "credit": [ - "Theodore Brown" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-05-18T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "5.0.0-alpha.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:ag-grid:20160519", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-AGGRID-10432" - ], - "CVE": [], - "CWE": [ - "CWE-80" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:02.094429Z", - "moduleName": "ag-grid", - "packageManager": "npm", - "packageName": "ag-grid", - "patches": [], - "publicationTime": "2017-03-16T09:05:41Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/ceolter/ag-grid/commit/828cdcf68aa9c766439448db50b696b87e1d4962" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/ceolter/ag-grid/issues/913" - }, - { - "title": "Mozilla Documentation", - "url": "https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML%23Security_considerations" - } - ], - "semver": { - "vulnerable": [ - ">=3.3.0 <5.0.0-alpha.0" - ] - }, - "severity": "medium", - "title": "HTML Injection" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-AGGRID-10431" - ], - "creationTime": "2017-03-16T08:45:01.140000Z", - "credit": [ - "Rob Winch", - "Gabrielle Bourdages" - ], - "cvssScore": 6.1, - "disclosureTime": "2016-01-27T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:ag-grid:20160128", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-AGGRID-10431" - ], - "CVE": [ - "CVE-2017-16009" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 327 - ] - }, - "language": "js", - "modificationTime": "2019-06-07T15:48:07.685921Z", - "moduleName": "ag-grid", - "packageManager": "npm", - "packageName": "ag-grid", - "patches": [], - "publicationTime": "2017-03-16T08:45:01Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/ceolter/ag-grid/issues/1287" - }, - { - "title": "Issue #AG-158", - "url": "https://www.ag-grid.com/ag-grid-pipeline/" - }, - { - "title": "Rob Winch Blog", - "url": "https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss" - } - ], - "semver": { - "vulnerable": [ - "<0.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "angular": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/RL:O", - "alternativeIds": [], - "creationTime": "2020-06-11T15:24:03.552151Z", - "credit": [ - "Unknown" - ], - "cvssScore": 8.7, - "disclosureTime": "2020-06-11T15:21:40Z", - "exploit": "Not Defined", - "fixedIn": [ 
- "1.8.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ANGULAR-572020", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-5cp4-xmrw-59wf" - ] - }, - "language": "js", - "modificationTime": "2020-06-26T14:41:02.000771Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2020-06-11T15:24:07Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd" - } - ], - "semver": { - "vulnerable": [ - "<1.8.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2020-05-21T13:15:54.457082Z", - "credit": [ - "Krzysztof Kotowicz" - ], - "cvssScore": 5.0, - "disclosureTime": "2020-05-19T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.8.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ANGULAR-570058", - "identifiers": { - "CVE": [ - "CVE-2020-7676" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-07T15:15:04.074972Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2020-06-07T15:15:03Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/17028" - } - ], - "semver": { - "vulnerable": [ - "<1.8.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-11-19T14:54:36.625223Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 7.3, - "disclosureTime": "2019-11-06T14:52:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.7.9" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ANGULAR-534884", - 
"identifiers": { - "CVE": [ - "CVE-2019-10768" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-89mq-4x47-5v83" - ], - "NSP": [ - 1343 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:05.785179Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2019-11-19T14:51:47Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3" - } - ], - "semver": { - "vulnerable": [ - ">=1.4.0-beta.6 <1.7.9" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-10-04T10:13:58.257194Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-02-10T10:11:42Z", - "exploit": "Unproven", - "fixedIn": [ - "1.6.3" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ANGULAR-471885", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:41:54.260693Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2019-10-04T10:11:35Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/3bb1dd5d7f7dcde6fea5a3148f8f10e92f451e9d" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/15699" - } - ], - "semver": { - "vulnerable": [ - "<1.6.3" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R", - "alternativeIds": [], - "creationTime": "2019-10-04T10:04:35.446281Z", - "credit": [ - "Cure53" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-05-25T10:01:21Z", - "exploit": "Unproven", - "fixedIn": [ - "1.6.5" - ], - "functions": [], - 
"functions_new": [], - "id": "SNYK-JS-ANGULAR-471882", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.091912Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2019-10-04T10:01:13Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94" - } - ], - "semver": { - "vulnerable": [ - "<1.6.5" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R", - "alternativeIds": [], - "creationTime": "2019-10-04T09:29:33.761002Z", - "credit": [ - "Chirayu Krishnappa" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-03-17T09:26:37Z", - "exploit": "Unproven", - "fixedIn": [ - "1.6.0-rc.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ANGULAR-471879", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-28hp-fgcr-2r4h" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:00.836150Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2019-10-04T09:26:25Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/angular/angular.js/issues/11352" - } - ], - "semver": { - "vulnerable": [ - "<1.6.0-rc.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-12069" - ], - "creationTime": "2018-02-05T21:18:55.501000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-02-02T21:18:55Z", - "exploit": "Not Defined", - 
"fixedIn": [ - "1.6.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20180202", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-12069" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:54.008914Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2018-02-19T16:16:42Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/angular/angular.js/blob/master/CHANGELOG.md%23169-fiery-basilisk-2018-02-02" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/b9ef6585e10477fbbf912a971fe0b390bca692a6" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/16414" - } - ], - "semver": { - "vulnerable": [ - "<1.6.9" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-12026" - ], - "creationTime": "2017-12-19T11:18:55.007000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-10-17T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20171018", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-12026" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:23.534831Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-12-25T14:45:01Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/667db466f959f8bbca1451d0f1c1a3db25d46a6c" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/angular/angular.js/issues/16288" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/angular/angular.js/pull/16311" - } - ], - "semver": { - "vulnerable": [ - "<1.6.7" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10203" - ], - "creationTime": "2016-11-09T13:00:18.135000Z", - "credit": [ - "Raphaël Jamet" - ], - "cvssScore": 4.8, - "disclosureTime": "2016-05-26T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.30" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20160527", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10203" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.396115Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T12:40:00Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/angular/angular.js/blob/master/CHANGELOG.md%231230-patronal-resurrection-2016-07-21" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/14687" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.2.30" - ] - }, - "severity": "medium", - "title": "Arbitrary Script Injection" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10202" - ], - "creationTime": "2016-11-09T12:45:57.682000Z", - "credit": [ - "Lucas Mirelmann" - ], - "cvssScore": 4.3, - "disclosureTime": "2016-01-21T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.0-rc.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20160122", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10202" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - 
"modificationTime": "2019-12-02T14:40:25.352044Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T12:30:00Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/angular/angular.js/blob/master/CHANGELOG.md%23150-rc2-controller-requisition-2016-01-28" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/234053fc9ad90e0d05be7e8359c6af66be94c094" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/13826" - } - ], - "semver": { - "vulnerable": [ - ">=1.3.0 <1.5.0-rc.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10201" - ], - "creationTime": "2016-11-09T12:23:07.035000Z", - "credit": [ - "Jann Horn" - ], - "cvssScore": 3.7, - "disclosureTime": "2014-06-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20140608", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10201" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.336528Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T10:40:00Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/angular/angular.js/blob/b3b5015cb7919708ce179dc3d6f0d7d7f43ef621/CHANGELOG.md%23130-beta14-harmonious-cacophonies-2014-06-30" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/48fa3aadd546036c7e69f71046f659ab1de244c6" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/528be29d1662122a34e204dd607e1c0bd9c16bbc" - }, - { - "title": "GitHub Commit", - "url": 
"https://github.com/angular/angular.js/commit/77ada4c82d6b8fc6d977c26f3cdb48c2f5fbe5a5" - } - ], - "semver": { - "vulnerable": [ - "<1.3.0" - ] - }, - "severity": "low", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10200" - ], - "creationTime": "2016-11-09T12:07:09.956000Z", - "credit": [ - "Chirayu Krishnappa" - ], - "cvssScore": 7.4, - "disclosureTime": "2013-11-12T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20131113", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10200" - ], - "CVE": [], - "CWE": [ - "CWE-284" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:54.005310Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T10:30:00Z", - "references": [ - { - "title": "AngularJS Wiki", - "url": "https://code.google.com/archive/p/mustache-security/wikis/AngularJS.wiki%23The_State_of_AngularJS_1.2.x" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/angular/angular.js/issues/4927" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/4933" - } - ], - "semver": { - "vulnerable": [ - "<1.2.2" - ] - }, - "severity": "high", - "title": "Protection Bypass" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10191" - ], - "creationTime": "2016-11-07T09:46:43.092000Z", - "credit": [ - "Laurent Trillaud" - ], - "cvssScore": 5.3, - "disclosureTime": "2014-09-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.0-rc.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20140908", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10191" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": 
"2020-06-12T14:36:44.366793Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T10:50:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/ab80cd90661396dbb1c94c5f4dd2d11ee8f6b6af" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/8975" - } - ], - "semver": { - "vulnerable": [ - "<1.3.0-rc.4" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10190" - ], - "creationTime": "2016-11-07T09:16:32.893000Z", - "credit": [ - "Martin Probst" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-10-31T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20161101", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10190" - ], - "CVE": [], - "CWE": [ - "CWE-284" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.330946Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T12:50:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/15346" - } - ], - "semver": { - "vulnerable": [ - ">=1.5.0 <1.5.9" - ] - }, - "severity": "medium", - "title": "Content Security Policy (CSP) Bypass" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10182" - ], - "creationTime": "2016-11-02T08:40:11.750000Z", - "credit": [ - "Igor Minar" - ], - "cvssScore": 7.1, - "disclosureTime": "2015-09-08T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.0-beta.2" - ], - 
"functions": [], - "functions_new": [], - "id": "npm:angular:20150909", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10182" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:11.030792Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T12:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/bc0d8c4eea9a34bff5e29dd492dcdd668251be40" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/12524" - } - ], - "semver": { - "vulnerable": [ - "<1.5.0-beta.2" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10181" - ], - "creationTime": "2016-11-02T08:26:38.753000Z", - "credit": [ - "Pete Bacon Darwin" - ], - "cvssScore": 4.3, - "disclosureTime": "2015-12-04T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.0-rc.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20151205", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10181" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:26.873746Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T12:20:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/7a668cdd7d08a7016883eb3c671cbcd586223ae8" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/13453" - } - ], - "semver": { - "vulnerable": [ - "<1.5.0-rc.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - 
"SNYK-JS-ANGULAR-10180" - ], - "creationTime": "2016-11-02T08:16:55.157000Z", - "credit": [ - "Lucas Mirelmann" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-11-29T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.10" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20151130", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10180" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.994256Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T12:10:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/5a674f3bb9d1118d11b333e3b966c01a571c09e6" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/13417" - } - ], - "semver": { - "vulnerable": [ - "<1.4.10" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10179" - ], - "creationTime": "2016-11-01T15:35:22.355000Z", - "credit": [ - "Chirayu Krishnappa" - ], - "cvssScore": 5.4, - "disclosureTime": "2013-06-21T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20130622", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10179" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:10.289596Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T10:10:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/38deedd6e3d806eb8262bb43f26d47245f6c2739" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/3030" - } - ], - 
"semver": { - "vulnerable": [ - ">=1.0.0 <1.2.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10177" - ], - "creationTime": "2016-11-01T13:30:14.967000Z", - "credit": [ - "Igor Minar" - ], - "cvssScore": 6.8, - "disclosureTime": "2015-08-06T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.0-beta.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20150807-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10177" - ], - "CVE": [], - "CWE": [ - "CWE-693" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.983649Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T11:50:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/181fc567d873df065f1e84af7225deb70a8d2eb9" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/12524" - } - ], - "semver": { - "vulnerable": [ - ">=1.3.1 <1.5.0-beta.0" - ] - }, - "severity": "medium", - "title": "Clickjacking" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10176" - ], - "creationTime": "2016-11-01T13:30:14.967000Z", - "credit": [ - "Igor Minar" - ], - "cvssScore": 7.1, - "disclosureTime": "2015-08-06T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.0-beta.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20150807", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10176" - ], - "CVE": [ - "CVE-2019-14863" - ], - "CWE": [ - "CWE-78" - ], - "NSP": [ - 1453 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.325145Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": 
"2017-01-23T11:40:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/12524" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.5.0-beta.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10175" - ], - "creationTime": "2016-11-01T14:36:18.735000Z", - "credit": [ - "Pete Bacon Darwin" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-03-14T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20150315", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10175" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.352943Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-02-13T18:30:00Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/angular/angular.js/issues/11328" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/15143" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/15161" - } - ], - "semver": { - "vulnerable": [ - "<1.6.1" - ] - }, - "severity": "medium", - "title": "JSONP Callback Attack" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10174" - ], - "creationTime": "2016-11-01T14:24:12.988000Z", - "credit": [ - "Rodric Haddad" - ], - "cvssScore": 7.4, - "disclosureTime": "2015-03-09T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.0-beta.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20150310", - "identifiers": { - 
"ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10174" - ], - "CVE": [], - "CWE": [ - "CWE-78" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:02.855299Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T11:20:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/67688d5ca00f6de4c7fe6084e2fa762a00d25610" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/11290" - } - ], - "semver": { - "vulnerable": [ - "<1.4.0-beta.6" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10173" - ], - "creationTime": "2016-11-01T12:33:38.496000Z", - "credit": [ - "Sebastian Lekies", - "Jann Horn", - "Gábor Molnár" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-11-03T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20141104", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10173" - ], - "CVE": [], - "CWE": [ - "CWE-78" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.980250Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T11:10:00Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/angular/angular.js/blob/master/CHANGELOG.md%23132-cardiovasculatory-magnification-2014-11-07" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/e676d642f5feb8d3ba88944634afb479ba525c36" - } - ], - "semver": { - "vulnerable": [ - "<1.3.2" - ] - }, - "severity": "medium", - "title": "Arbitrary Command Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10170" 
- ], - "creationTime": "2016-11-01T14:08:59.890000Z", - "credit": [ - "Chirayu Krishnappa" - ], - "cvssScore": 6.8, - "disclosureTime": "2013-06-20T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20130621", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10170" - ], - "CVE": [], - "CWE": [ - "CWE-78" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:29.064491Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T10:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/39841f2ec9b17b3b2920fd1eb548d444251f4f56" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/3028" - } - ], - "semver": { - "vulnerable": [ - "<1.2.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10141" - ], - "creationTime": "2016-11-01T13:57:31.962000Z", - "credit": [ - "Chirayu Krishnappa" - ], - "cvssScore": 7.4, - "disclosureTime": "2014-09-08T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.24" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20140909", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10141" - ], - "CVE": [], - "CWE": [ - "CWE-502" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.328040Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T11:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/8984" - } - ], - "semver": { - 
"vulnerable": [ - ">=1.2.19 <1.2.24" - ] - }, - "severity": "high", - "title": "Unsafe Object Deserialization" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-ANGULAR-10140" - ], - "creationTime": "2016-11-01T12:48:50.251000Z", - "credit": [ - "Chirayu Krishnappa", - "Igor Minar" - ], - "cvssScore": 8.1, - "disclosureTime": "2013-06-24T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular:20130625", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULAR-10140" - ], - "CVE": [], - "CWE": [ - "CWE-78" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.997897Z", - "moduleName": "angular", - "packageManager": "npm", - "packageName": "angular", - "patches": [], - "publicationTime": "2017-01-23T10:20:00Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/angular/angular.js/blob/master/CHANGELOG.md%23120rc1-spooky-giraffe-2013-08-13" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/angular/angular.js/commit/5349b20097dc5cdff0216ee219ac5f6e6ef8c219" - }, - { - "title": "GitHub PR", - "url": "https://github.com/angular/angular.js/pull/3043" - } - ], - "semver": { - "vulnerable": [ - "<1.1.5" - ] - }, - "severity": "high", - "title": "Arbitrary Script Injection" - } - ], - "angular-gettext": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULARGETTEXT-10178" - ], - "creationTime": "2016-11-01T13:19:47.018000Z", - "credit": [ - "Walden Raines" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-06-23T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular-gettext:20140624", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULARGETTEXT-10178" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": 
"2019-12-02T14:39:09.538993Z", - "moduleName": "angular-gettext", - "packageManager": "npm", - "packageName": "angular-gettext", - "patches": [], - "publicationTime": "2017-01-23T09:50:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/rubenv/angular-gettext/commit/a1ef4c26c3cae348c601cbbf2f9f4ac96f397755" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/rubenv/angular-gettext/issues/74" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "angular-jwt": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULARJWT-12188" - ], - "creationTime": "2018-06-19T23:34:46.002000Z", - "credit": [ - "Stephan Hauser" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-06-05T23:34:46Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.1.10" - ], - "functions": [], - "functions_new": [], - "id": "npm:angular-jwt:20180605", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULARJWT-12188" - ], - "CVE": [ - "CVE-2018-11537" - ], - "CWE": [ - "CWE-284" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.845148Z", - "moduleName": "angular-jwt", - "packageManager": "npm", - "packageName": "angular-jwt", - "patches": [], - "publicationTime": "2018-08-16T12:57:41Z", - "references": [ - { - "title": "Auth0 Security Bulletins", - "url": "https://auth0.com/docs/security/bulletins/cve-2018-11537" - } - ], - "semver": { - "vulnerable": [ - "<0.1.10" - ] - }, - "severity": "medium", - "title": "Access Restriction Bypass" - } - ], - "angular-redactor": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-ANGULARREDACTOR-12175" - ], - "creationTime": "2018-07-05T22:56:23.408000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-07-05T22:56:23.408000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - 
"functions_new": [], - "id": "npm:angular-redactor:20180705", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANGULARREDACTOR-12175" - ], - "CVE": [ - "CVE-2018-13339" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:51.817504Z", - "moduleName": "angular-redactor", - "packageManager": "npm", - "packageName": "angular-redactor", - "patches": [], - "publicationTime": "2018-07-19T07:52:05.980000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/TylerGarlick/angular-redactor/issues/77" - } - ], - "semver": { - "vulnerable": [ - "<=1.1.7" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "ansi2html": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-ANSI2HTML-10058" - ], - "creationTime": "2015-11-06T02:09:36.185000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 7.5, - "disclosureTime": "2015-10-25T01:35:01.611000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:ansi2html:20151025", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ANSI2HTML-10058" - ], - "CVE": [ - "CVE-2015-9239" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 51 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.277800Z", - "moduleName": "ansi2html", - "packageManager": "npm", - "packageName": "ansi2html", - "patches": [], - "publicationTime": "2015-11-06T02:09:36.185000Z", - "references": [ - { - "title": "GITHUB.COM", - "url": "https://github.com/agnoster/ansi2html/blob/master/lib/index.js%23L52" - }, - { - "title": "WWW.OWASP.ORG", - "url": "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS" - } - ], - "semver": { - "vulnerable": [ - "<=0.0.1" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "ascii-art": [ - { - "CVSSv3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - 
"alternativeIds": [], - "creationTime": "2018-09-12T12:14:54.418943Z", - "credit": [ - "Douglas Hall" - ], - "cvssScore": 8.6, - "disclosureTime": "2018-09-09T20:03:31Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.4" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ASCIIART-72306", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-94" - ], - "GHSA": [ - "GHSA-9hqj-38j2-5jgm" - ], - "NSP": [ - 727 - ] - }, - "language": "js", - "modificationTime": "2019-02-12T10:28:59.338232Z", - "moduleName": "ascii-art", - "packageManager": "npm", - "packageName": "ascii-art", - "patches": [], - "publicationTime": "2018-09-09T20:03:31Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/390631" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/727" - } - ], - "semver": { - "vulnerable": [ - "<1.4.4" - ] - }, - "severity": "high", - "title": "Arbitrary Command Injection" - } - ], - "assign-deep": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-06-20T09:31:34.372811Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 7.3, - "disclosureTime": "2019-06-19T09:28:14Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.0.1", - "0.4.8" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "extend" - }, - "version": [ - "<1.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "assign.module.exports" - }, - "version": [ - ">=1.0.0 <1.0.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "extend" - }, - "version": [ - "<1.0.0" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "assign.module.exports" - }, - "version": [ - ">=1.0.0 <1.0.1" - ] - } - ], - "id": "SNYK-JS-ASSIGNDEEP-450211", - "identifiers": { - "CVE": [ - 
"CVE-2019-10745" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1014 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:58.593555Z", - "moduleName": "assign-deep", - "packageManager": "npm", - "packageName": "assign-deep", - "patches": [], - "publicationTime": "2019-06-20T09:28:12Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jonschlinkert/assign-deep/commit/90bf1c551d05940898168d04066bbf15060f50cc" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.0.1", - "<0.4.8" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-ASSIGNDEEP-12066" - ], - "creationTime": "2018-02-15T08:29:23.804000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 6.3, - "disclosureTime": "2018-02-15T08:29:23Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.4.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:assign-deep:20180215", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ASSIGNDEEP-12066" - ], - "CVE": [ - "CVE-2018-3720" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 579 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:32.891787Z", - "moduleName": "assign-deep", - "packageManager": "npm", - "packageName": "assign-deep", - "patches": [], - "publicationTime": "2018-02-16T08:29:23Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/310707" - } - ], - "semver": { - "vulnerable": [ - "<0.4.7" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - } - ], - "astronomia": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-ASTRONOMIA-10919" - ], - "creationTime": "2018-02-25T13:55:42.774000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-25T13:55:42.774000Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.3.9" - ], - 
"functions": [], - "functions_new": [], - "id": "npm:astronomia:20180225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ASTRONOMIA-10919" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.695912Z", - "moduleName": "astronomia", - "packageManager": "npm", - "packageName": "astronomia", - "patches": [], - "publicationTime": "2018-02-25T14:35:12.793000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/commenthol/astronomia/commit/223275f8531ba22d68421465737ce02e1952df89" - } - ], - "semver": { - "vulnerable": [ - "<1.3.9" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "atob": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-ATOB-12131" - ], - "creationTime": "2018-03-04T16:43:31.873000Z", - "credit": [ - "ChALkeR" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-04-29T16:43:31Z", - "exploit": "Functional", - "fixedIn": [ - "2.1.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:atob:20180429", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ATOB-12131" - ], - "CVE": [ - "CVE-2018-3745" - ], - "CWE": [ - "CWE-201" - ], - "NSP": [ - 646 - ] - }, - "language": "js", - "modificationTime": "2020-09-07T12:03:17.240564Z", - "moduleName": "atob", - "packageManager": "npm", - "packageName": "atob", - "patches": [], - "publicationTime": "2018-04-30T13:07:31Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/321686" - } - ], - "semver": { - "vulnerable": [ - "<2.1.0" - ] - }, - "severity": "medium", - "title": "Uninitialized Memory Exposure" - } - ], - "auth0-lock": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:R", - "alternativeIds": [], - "creationTime": "2020-08-20T09:27:39.056113Z", - "credit": [ - "mvisat" - ], - "cvssScore": 3.7, - "disclosureTime": 
"2020-08-19T21:05:03Z", - "exploit": "Unproven", - "fixedIn": [ - "11.26.3" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-AUTH0LOCK-607904", - "identifiers": { - "CVE": [ - "CVE-2020-15119" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-08-20T10:03:43.562758Z", - "moduleName": "auth0-lock", - "packageManager": "npm", - "packageName": "auth0-lock", - "patches": [], - "publicationTime": "2020-08-20T10:03:43.325676Z", - "references": [ - { - "title": "GitHub Additional Information", - "url": "https://github.com/advisories/GHSA-6gg3-pmm7-97xc" - }, - { - "title": "GitHub Advisory", - "url": "https://github.com/auth0/lock/security/advisories/GHSA-6gg3-pmm7-97xc" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15119" - } - ], - "semver": { - "vulnerable": [ - "<11.26.3" - ] - }, - "severity": "low", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2020-02-02T10:59:16.702674Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2020-01-30T11:04:47Z", - "exploit": "Not Defined", - "fixedIn": [ - "11.21.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-AUTH0LOCK-543943", - "identifiers": { - "CVE": [ - "CVE-2019-20174" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:50.933522Z", - "moduleName": "auth0-lock", - "packageManager": "npm", - "packageName": "auth0-lock", - "patches": [], - "publicationTime": "2020-02-02T15:06:50Z", - "references": [ - { - "title": "GitHub Advisory", - "url": "https://github.com/auth0/lock/security/advisories/GHSA-w2pf-g6r8-pg22" - } - ], - "semver": { - "vulnerable": [ - "<11.21.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-AUTH0LOCK-11083" - ], - 
"creationTime": "2018-04-09T10:37:27.718000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-04-04T17:29:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "11.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:auth0-lock:20180409", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-AUTH0LOCK-11083" - ], - "CVE": [ - "CVE-2018-6874" - ], - "CWE": [ - "CWE-352" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:30.849495Z", - "moduleName": "auth0-lock", - "packageManager": "npm", - "packageName": "auth0-lock", - "patches": [], - "publicationTime": "2018-04-09T15:17:27.297000Z", - "references": [ - { - "title": "Auth0 Security Advisory", - "url": "https://auth0.com/docs/security/bulletins/cve-2018-6874" - } - ], - "semver": { - "vulnerable": [ - "<11.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Request Forgery (CSRF)" - } - ], - "backbone": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-BACKBONE-10110" - ], - "creationTime": "2016-05-24T06:45:20.086000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-05-23T17:50:20Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.1.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:backbone:20160523", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BACKBONE-10110" - ], - "CVE": [ - "CVE-2016-10537" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 108 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:35.874239Z", - "moduleName": "backbone", - "packageManager": "npm", - "packageName": "backbone", - "patches": [], - "publicationTime": "2016-06-22T17:50:20Z", - "references": [ - { - "title": "GitHub Comparison", - "url": "https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0%23diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008" - }, - { - "title": "SNYK.IO", - "url": "https://snyk.io/blog/marked-xss-vulnerability/" - } - ], - "semver": { - "vulnerable": 
[ - "<0.1.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-BACKBONE-10054" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [], - "cvssScore": 6.5, - "disclosureTime": "2015-11-06T02:09:36.180000Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.5.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:backbone:20110701", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BACKBONE-10054" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:40.049922Z", - "moduleName": "backbone", - "packageManager": "npm", - "packageName": "backbone", - "patches": [ - { - "comments": [ - "https://github.com/jashkenas/backbone/commit/0cdc525961d3fa98e810ffae6bcc8e3838e36d93.patch" - ], - "id": "patch:npm:backbone:20110701:0", - "modificationTime": "2019-12-03T11:40:45.759870Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/backbone/20110701/backbone_20110701_0_0_0cdc525961d3fa98e810ffae6bcc8e3838e36d93.patch" - ], - "version": "<0.5.0 >=0.3.3" - } - ], - "publicationTime": "2015-11-06T02:09:36.180000Z", - "references": [ - { - "title": "BACKBONEJS.ORG", - "url": "http://backbonejs.org/%23changelog" - } - ], - "semver": { - "vulnerable": [ - "<0.5.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "base64-url": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-BASE64URL-12144" - ], - "creationTime": "2018-03-04T10:54:40.689000Z", - "credit": [ - "ChALkeR" - ], - "cvssScore": 8.6, - "disclosureTime": "2018-05-12T10:54:40Z", - "exploit": "Functional", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:base64-url:20180512", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BASE64URL-12144" - ], - "CVE": [], - "CWE": [ - "CWE-201" - ], - 
"GHSA": [ - "GHSA-j4mr-9xw3-c9jx" - ], - "NSP": [ - 660 - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:14:06.300542Z", - "moduleName": "base64-url", - "packageManager": "npm", - "packageName": "base64-url", - "patches": [], - "publicationTime": "2018-05-13T14:26:26Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/321692" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "high", - "title": "Uninitialized Memory Exposure" - } - ], - "blueimp-file-upload": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:H/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2018-10-14T07:47:55.419617Z", - "credit": [ - "Larry W Cashdollar" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-10-09T15:23:44Z", - "exploit": "High", - "fixedIn": [ - "9.22.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BLUEIMPFILEUPLOAD-72453", - "identifiers": { - "CVE": [ - "CVE-2018-9206" - ], - "CWE": [ - "CWE-434" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:39.909905Z", - "moduleName": "blueimp-file-upload", - "packageManager": "npm", - "packageName": "blueimp-file-upload", - "patches": [], - "publicationTime": "2018-10-15T15:33:46Z", - "references": [ - { - "title": "Exploit DB", - "url": "https://exploit-db.com/exploits/45790" - }, - { - "title": "Exploit DB", - "url": "https://www.exploit-db.com/exploits/46182" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f" - }, - { - "title": "GitHub PR", - "url": "https://github.com/blueimp/jQuery-File-Upload/pull/3514" - }, - { - "title": "Vapidlabs Advisory", - "url": "http://www.vapidlabs.com/advisory.php?v=204" - } - ], - "semver": { - "vulnerable": [ - "<9.22.1" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - } - ], - "bootstrap": [ - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-02-15T11:59:02.487381Z", - "credit": [ - "Yonatan Offek (poiu)" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-02-11T19:32:59Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.4.1", - "4.3.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BOOTSTRAP-173700", - "identifiers": { - "CVE": [ - "CVE-2019-8331" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 891 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:05.534360Z", - "moduleName": "bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": "2019-02-15T19:32:59Z", - "references": [ - { - "title": "Bootstrap Blog", - "url": "https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/28236/commits/5efa9b531d25927b907e3fa24b818608bc38a2f0" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap-rubygem/commit/a63d04c96d14e42492ccdba1d7f3d6ec1af022a9" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/28236" - }, - { - "title": "NPM Security Adviory", - "url": "https://www.npmjs.com/advisories/891" - } - ], - "semver": { - "vulnerable": [ - "<3.4.1", - ">=4.0.0 <4.3.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-01-21T08:14:15.361480Z", - "credit": [ - "1Jesper1" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-05-29T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.1.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BOOTSTRAP-73560", - "identifiers": { - "CVE": [ - "CVE-2018-14041" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:36.592600Z", - "moduleName": 
"bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": "2018-06-12T08:15:05Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/26625" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/26627" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/26628" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/27915%23issuecomment-452140906" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/26630" - } - ], - "semver": { - "vulnerable": [ - ">=4.0.0 <4.1.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-01-09T12:07:55.360482Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-01-09T05:29:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.4.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BOOTSTRAP-72890", - "identifiers": { - "CVE": [ - "CVE-2018-20677" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.820887Z", - "moduleName": "bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": 
"2019-01-10T09:27:20Z", - "references": [ - { - "title": "GetBootstrap Blog", - "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/27045" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/27047" - } - ], - "semver": { - "vulnerable": [ - "<3.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-01-09T12:05:26.115587Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-08-13T05:41:27Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.4.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BOOTSTRAP-72889", - "identifiers": { - "CVE": [ - "CVE-2018-20676" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:58.233501Z", - "moduleName": "bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": "2019-01-10T09:27:20Z", - "references": [ - { - "title": "GetBootsrap Blog", - "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/27044" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/27047" - } - ], - "semver": { - "vulnerable": [ - "<3.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-BOOTSTRAP-11109" - ], - "creationTime": "2018-06-12T08:15:05.969000Z", - "credit": [ - "1Jesper1" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-05-29T21:00:00Z", - "exploit": "Not Defined", - 
"fixedIn": [ - "3.4.0", - "4.1.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:bootstrap:20180529", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BOOTSTRAP-11109" - ], - "CVE": [ - "CVE-2018-14040", - "CVE-2018-14042" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-01-21T08:10:15.702072Z", - "moduleName": "bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": "2018-06-12T08:15:05Z", - "references": [ - { - "title": "Bootstrap Blog", - "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/26625" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/26627" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/26628" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/27915%23issuecomment-452140906" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/26630" - } - ], - "semver": { - "vulnerable": [ - "<3.4.0", - ">=4.0.0 <4.1.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-BOOTSTRAP-10860" - ], - "creationTime": "2017-11-25T17:23:26.518000Z", - "credit": [ - 
"Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-06-27T17:23:26Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.4.0", - "4.0.0-beta.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:bootstrap:20160627", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BOOTSTRAP-10860" - ], - "CVE": [ - "CVE-2016-10735" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-01-23T17:10:03.493127Z", - "moduleName": "bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": "2018-01-19T09:37:48Z", - "references": [ - { - "title": "Bootstrap Blog", - "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/commit/9612830701211d757ff95ceccbb494fd2e7ee17e" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/pull/23687/commits/d9be1da55bf0f94a81e8a2c9acf5574fb801306e" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/twbs/bootstrap/issues/20184" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/23679" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/23687" - } - ], - "semver": { - "vulnerable": [ - "<3.4.0", - ">=4.0.0-alpha <4.0.0-beta.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-BOOTSTRAP-10433" - ], - "creationTime": "2017-02-27T10:05:00.075000Z", - "credit": [ - "Peter Corsaro" - ], - "cvssScore": 6.5, - "disclosureTime": "2012-05-09T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.1.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:bootstrap:20120510", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BOOTSTRAP-10433" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": 
"2019-12-02T14:40:32.073619Z", - "moduleName": "bootstrap", - "packageManager": "npm", - "packageName": "bootstrap", - "patches": [], - "publicationTime": "2017-04-10T09:39:59Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/twbs/bootstrap/commit/f836473129819c2e348f821ed268451b9b8bf2e4" - }, - { - "title": "GitHub PR", - "url": "https://github.com/twbs/bootstrap/pull/3421" - } - ], - "semver": { - "vulnerable": [ - "<2.1.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "bootstrap-markdown": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-BOOTSTRAPMARKDOWN-10522" - ], - "creationTime": "2017-03-22T12:47:32.443000Z", - "credit": [ - "iJoshuaHD" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-08-25T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:bootstrap-markdown:20140826", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BOOTSTRAPMARKDOWN-10522" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:41.076225Z", - "moduleName": "bootstrap-markdown", - "packageManager": "npm", - "packageName": "bootstrap-markdown", - "patches": [], - "publicationTime": "2017-05-30T09:56:36.290000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/toopay/bootstrap-markdown/issues/98" - } - ], - "semver": { - "vulnerable": [ - "<=2.10.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "bootstrap-tagsinput": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-BOOTSTRAPTAGSINPUT-10115" - ], - "creationTime": "2016-07-20T22:00:03.024000Z", - "credit": [ - "Alex Wong" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-20T21:20:51Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": 
"npm:bootstrap-tagsinput:20160720", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BOOTSTRAPTAGSINPUT-10115" - ], - "CVE": [ - "CVE-2016-1000227" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-v2jq-9475-r5g8" - ], - "NSP": [ - 124 - ] - }, - "language": "js", - "modificationTime": "2020-09-07T12:01:45.227776Z", - "moduleName": "bootstrap-tagsinput", - "packageManager": "npm", - "packageName": "bootstrap-tagsinput", - "patches": [], - "publicationTime": "2016-07-20T21:20:51Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/bootstrap-tagsinput/bootstrap-tagsinput/issues/501" - } - ], - "semver": { - "vulnerable": [ - "<=0.7.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "brace-expansion": [ - { - "CVSSv3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-BRACEEXPANSION-10483" - ], - "creationTime": "2017-04-26T09:19:21.663000Z", - "credit": [ - "kamael" - ], - "cvssScore": 6.2, - "disclosureTime": "2017-03-01T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:brace-expansion:20170302", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BRACEEXPANSION-10483" - ], - "CVE": [ - "CVE-2017-18077" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 338 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:13.321868Z", - "moduleName": "brace-expansion", - "packageManager": "npm", - "packageName": "brace-expansion", - "patches": [], - "publicationTime": "2017-04-26T09:19:21Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/juliangruber/brace-expansion/issues/33" - }, - { - "title": "GitHub PR", - "url": "https://github.com/juliangruber/brace-expansion/pull/35" - } - ], - "semver": { - "vulnerable": [ - 
"<1.1.7" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "braces": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-BRACES-10900" - ], - "creationTime": "2018-02-19T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-19T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.3.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/parsers.js", - "functionName": "module.exports" - }, - "version": [ - ">= 2.0.0 <2.3.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/parsers.js", - "functionName": "module.exports" - }, - "version": [ - ">= 2.0.0 <2.3.1" - ] - } - ], - "id": "npm:braces:20180219", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BRACES-10900" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ], - "GHSA": [ - "GHSA-g95f-p29q-9xw4" - ], - "NSP": [ - 786 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.785771Z", - "moduleName": "braces", - "packageManager": "npm", - "packageName": "braces", - "patches": [], - "publicationTime": "2018-02-19T16:32:28Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451" - } - ], - "semver": { - "vulnerable": [ - "<2.3.1" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "bson": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-03-24T15:37:36.850403Z", - "credit": [ - "xiaofen9" - ], - "cvssScore": 8.1, - "disclosureTime": "2020-03-24T15:35:27Z", - "exploit": "Unproven", - "fixedIn": [ - "1.1.4" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BSON-561052", - "identifiers": { - "CVE": [ - "CVE-2019-2391", - "CVE-2020-7610" - ], - "CWE": [ 
- "CWE-642" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:02.649274Z", - "moduleName": "bson", - "packageManager": "npm", - "packageName": "bson", - "patches": [], - "publicationTime": "2020-03-24T17:18:18Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8" - }, - { - "title": "Release Note", - "url": "https://github.com/mongodb/js-bson/releases/tag/v1.1.4" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.1.4" - ] - }, - "severity": "high", - "title": "Internal Property Tampering" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-BSON-10988" - ], - "creationTime": "2018-02-27T13:46:53.813000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-27T13:46:53Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.0.5" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/bson/decimal128.js", - "functionName": "Decimal128.fromString" - }, - "version": [ - ">=0.5.0 <1.0.5" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/bson/decimal128.js", - "functionName": "Decimal128.fromString" - }, - "version": [ - ">=0.5.0 <1.0.5" - ] - } - ], - "id": "npm:bson:20180225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-BSON-10988" - ], - "CVE": [ - "CVE-2018-13863" - ], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.818046Z", - "moduleName": "bson", - "packageManager": "npm", - "packageName": "bson", - "patches": [], - "publicationTime": "2018-02-27T16:32:24Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a" - } - ], - "semver": { - "vulnerable": [ - ">=0.5.0 <1.0.5" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service 
(ReDoS)" - } - ], - "buefy": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2020-08-13T11:00:22.616078Z", - "credit": [ - "Unknown" - ], - "cvssScore": 4.7, - "disclosureTime": "2020-08-13T10:53:02Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.9.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BUEFY-598386", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-08-17T06:58:23.016611Z", - "moduleName": "buefy", - "packageManager": "npm", - "packageName": "buefy", - "patches": [], - "publicationTime": "2020-08-13T15:33:10Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/buefy/buefy/commit/47d225053458657b4c4030d48ef946c51f7f5994" - } - ], - "semver": { - "vulnerable": [ - "<0.9.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2020-04-29T12:59:57.693313Z", - "credit": [ - "Cristina Solana" - ], - "cvssScore": 7.3, - "disclosureTime": "2020-04-29T12:55:32Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.8.18" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BUEFY-567814", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-05-11T15:36:11.108863Z", - "moduleName": "buefy", - "packageManager": "npm", - "packageName": "buefy", - "patches": [], - "publicationTime": "2020-05-11T15:36:11Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/buefy/buefy/commit/f0ff2ae65fee34e247e74e6ab4881c929928c066" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/buefy/buefy/issues/2444" - } - ], - "semver": { - "vulnerable": [ - "<0.8.18" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2018-12-31T15:17:08.018652Z", - "credit": [ - "the-appatakkar" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-11-19T13:14:05Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.7.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-BUEFY-72871", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-xwqw-rf2q-xmhf" - ], - "NSP": [ - 747 - ] - }, - "language": "js", - "modificationTime": "2019-03-19T22:27:05.124559Z", - "moduleName": "buefy", - "packageManager": "npm", - "packageName": "buefy", - "patches": [], - "publicationTime": "2018-12-31T17:37:26Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/buefy/buefy/commit/1b1516bda783ef929485fb2b0d5c67f47c97105c" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/buefy/buefy/issues/1097" - } - ], - "semver": { - "vulnerable": [ - "<0.7.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "c3": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-C3-10131" - ], - "creationTime": "2016-08-17T15:13:32.564000Z", - "credit": [ - "Calvin K Cox" - ], - "cvssScore": 4.7, - "disclosureTime": "2016-08-17T15:13:32Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.4.11" - ], - "functions": [], - "functions_new": [], - "id": "npm:c3:20160817", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-C3-10131" - ], - "CVE": [ - "CVE-2016-1000240" - ], - "CWE": [ - "CWE-80" - ], - "GHSA": [ - "GHSA-gvg7-pp82-cff3" - ], - "NSP": [ - 138 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:37.362750Z", - "moduleName": "c3", - "packageManager": "npm", - "packageName": "c3", - "patches": [], - "publicationTime": "2016-08-17T15:13:32Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/c3js/c3/commit/de3864650300488a63d0541620e9828b00e94b42" - }, 
- { - "title": "GitHub Issue", - "url": "https://github.com/c3js/c3/issues/1536" - } - ], - "semver": { - "vulnerable": [ - "<0.4.11" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "checkit": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C", - "alternativeIds": [ - "SNYK-JS-CHECKIT-10983" - ], - "creationTime": "2018-02-26T14:00:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-26T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:checkit:20180226", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-CHECKIT-10983" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.201103Z", - "moduleName": "checkit", - "packageManager": "npm", - "packageName": "checkit", - "patches": [], - "publicationTime": "2018-02-26T14:05:11.654000Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/tgriesser/checkit/pull/94" - } - ], - "semver": { - "vulnerable": [ - "<=0.7.0" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "citeproc": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-CITEPROC-10890" - ], - "creationTime": "2018-02-15T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.5, - "disclosureTime": "2018-02-13T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.1.184" - ], - "functions": [], - "functions_new": [], - "id": "npm:citeproc:20180214", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-CITEPROC-10890" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.741572Z", - "moduleName": "citeproc", - "packageManager": "npm", - "packageName": "citeproc", - "patches": [], - "publicationTime": 
"2018-02-15T19:52:28.178000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/Juris-M/citeproc-js/commit/df060e95b1545b3767c5ae89b300e410681062f5" - } - ], - "semver": { - "vulnerable": [ - "<2.1.184" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "ckeditor": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2018-11-18T11:31:40.601512Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-11-14T21:00:22Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.11.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-CKEDITOR-72618", - "identifiers": { - "CVE": [ - "CVE-2018-17960" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2018-11-19T16:15:47.453365Z", - "moduleName": "ckeditor", - "packageManager": "npm", - "packageName": "ckeditor", - "patches": [], - "publicationTime": "2018-11-19T16:15:47.434407Z", - "references": [ - { - "title": "CKEditor Release Tag", - "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0" - } - ], - "semver": { - "vulnerable": [ - ">=4.0.0 <4.11.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "clusterize.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-CLUSTERIZEJS-10211" - ], - "creationTime": "2016-09-28T14:34:10.566000Z", - "credit": [ - "Daniel Lo Nigro" - ], - "cvssScore": 7.1, - "disclosureTime": "2015-04-28T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:clusterize.js:20150429", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-CLUSTERIZEJS-10211" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:19:02.580518Z", - "moduleName": "clusterize.js", - "packageManager": "npm", - "packageName": 
"clusterize.js", - "patches": [], - "publicationTime": "2016-12-26T00:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/NeXTs/Clusterize.js/pull/5/commits/0c3d6486d6dac4c7dd04aa5525d4f705ec3351fc" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/NeXTs/Clusterize.js/issues/4" - } - ], - "semver": { - "vulnerable": [ - "<0.3.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "compromise": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-COMPROMISE-10985" - ], - "creationTime": "2018-02-26T14:00:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-02-26T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "11.5.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:compromise:20180226", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-COMPROMISE-10985" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.652276Z", - "moduleName": "compromise", - "packageManager": "npm", - "packageName": "compromise", - "patches": [], - "publicationTime": "2018-02-26T14:05:11.654000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/spencermountain/compromise/commit/836f659d1cfe799fa10df7f7ea7450f935ec1a46" - } - ], - "semver": { - "vulnerable": [ - "<11.5.1" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "console-io": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-CONSOLEIO-10102" - ], - "creationTime": "2016-04-20T14:42:40.365000Z", - "credit": [ - "Craig Arendt" - ], - "cvssScore": 8.7, - "disclosureTime": "2016-04-18T21:17:58Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:console-io:20160418", - 
"identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-CONSOLEIO-10102" - ], - "CVE": [ - "CVE-2016-10532" - ], - "CWE": [ - "CWE-592" - ], - "NSP": [ - 90 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.336688Z", - "moduleName": "console-io", - "packageManager": "npm", - "packageName": "console-io", - "patches": [], - "publicationTime": "2016-05-17T21:17:58Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/cloudcmd/console/commit/62f0fbcb36226436af0dad52ffe4d8cd9a0c533f" - }, - { - "title": "GitHub Comparison", - "url": "https://github.com/cloudcmd/console/compare/v2.2.13...v2.3.0" - } - ], - "semver": { - "vulnerable": [ - "<2.3.0" - ] - }, - "severity": "high", - "title": "Authentication Bypass" - } - ], - "content-type-parser": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-CONTENTTYPEPARSER-10847" - ], - "creationTime": "2017-09-05T10:02:45.497000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-09-05T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:content-type-parser:20170905", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-CONTENTTYPEPARSER-10847" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:09:43.854793Z", - "moduleName": "content-type-parser", - "packageManager": "npm", - "packageName": "content-type-parser", - "patches": [], - "publicationTime": "2017-12-10T06:02:45Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jsdom/whatwg-mimetype/commit/26c539a699778f8743b8319c298b5fb28a4328d0" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jsdom/whatwg-mimetype/issues/3" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - 
"crypto-browserify": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-CRYPTOBROWSERIFY-12028" - ], - "creationTime": "2017-12-19T11:31:11.595000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.3, - "disclosureTime": "2014-07-21T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.1.11" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "rnj.js", - "functionName": "mathRNG" - }, - "version": [ - "<2.1.11" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "rnj.js", - "functionName": "mathRNG" - }, - "version": [ - "<2.1.11" - ] - } - ], - "id": "npm:crypto-browserify:20140722", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-CRYPTOBROWSERIFY-12028" - ], - "CVE": [], - "CWE": [ - "CWE-330" - ] - }, - "language": "js", - "modificationTime": "2019-02-19T11:16:01.292053Z", - "moduleName": "crypto-browserify", - "packageManager": "npm", - "packageName": "crypto-browserify", - "patches": [], - "publicationTime": "2017-12-25T14:45:01Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/crypto-browserify/crypto-browserify/commit/b8695c478baa705e18cc7130be3af6c679ae0bf7" - } - ], - "semver": { - "vulnerable": [ - "<2.1.11" - ] - }, - "severity": "high", - "title": "Insecure Randomness" - } - ], - "d3.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-D3JS-10707" - ], - "creationTime": "2017-08-02T15:47:12.070000Z", - "credit": [ - "Oscar Bolmsten" - ], - "cvssScore": 8.8, - "disclosureTime": "2017-08-02T15:47:12.070000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:d3.js:20170802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-D3JS-10707" - ], - "CVE": [ - "CVE-2017-16044" - ], - "CWE": [ - "CWE-506" - ], - "NSP": [ - 497 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:41.399407Z", - "moduleName": "d3.js", - 
"packageManager": "npm", - "packageName": "d3.js", - "patches": [], - "publicationTime": "2017-08-02T13:08:42.301000Z", - "references": [ - { - "title": "Malicious packages published on npm", - "url": "https://iamakulov.com/notes/npm-malicious-packages/" - }, - { - "title": "Typosquatting programming language package managers", - "url": "http://incolumitas.com/2016/06/08/typosquatting-package-managers/" - } - ], - "semver": { - "vulnerable": [ - "<= 1.0.2" - ] - }, - "severity": "high", - "title": "Malicious Package" - } - ], - "datatables": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DATATABLES-10439" - ], - "creationTime": "2017-03-20T13:17:55.262000Z", - "credit": [ - "Allan Jardine" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-11-05T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.10" - ], - "functions": [], - "functions_new": [], - "id": "npm:datatables:20151106", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DATATABLES-10439" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:00.597772Z", - "moduleName": "datatables", - "packageManager": "npm", - "packageName": "datatables", - "patches": [], - "publicationTime": "2017-05-08T12:34:45.631000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/DataTables/DataTables/commit/6f67df2d21f9858ec40a6e9565c3a653cdb691a6" - } - ], - "semver": { - "vulnerable": [ - "<1.10.10 >=1.10.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DATATABLES-10042" - ], - "creationTime": "2015-09-18T09:29:10Z", - "credit": [ - "Onur Yilmaz" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-09-11T15:59:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.10" - ], - "functions": [], - "functions_new": [], - "id": "npm:datatables:20150918", - 
"identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DATATABLES-10042" - ], - "CVE": [ - "CVE-2015-6584" - ], - "CWE": [ - "CWE-80" - ], - "NSP": [ - 5 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:34.058958Z", - "moduleName": "datatables", - "packageManager": "npm", - "packageName": "datatables", - "patches": [], - "publicationTime": "2015-09-18T09:29:10Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/DataTables/DataTables/issues/602" - }, - { - "title": "WWW.NETSPARKER.COM", - "url": "https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/" - } - ], - "semver": { - "vulnerable": [ - "<1.10.10" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "deap": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-DEAP-12118" - ], - "creationTime": "2018-04-15T20:11:17.541000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-04-15T20:11:17Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:deap:20180415", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DEAP-12118" - ], - "CVE": [ - "CVE-2018-3749" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-xrmp-99wj-p6jc" - ], - "NSP": [ - 611 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.644948Z", - "moduleName": "deap", - "packageManager": "npm", - "packageName": "deap", - "patches": [], - "publicationTime": "2018-04-17T07:45:48Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/310446" - } - ], - "semver": { - "vulnerable": [ - "<1.0.1" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - } - ], - "decamelize": [ - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-DECAMELIZE-10472" - ], - "creationTime": "2017-04-16T09:00:05.019000Z", - "credit": [ - "Jay Freeman" - ], - "cvssScore": 7.5, - "disclosureTime": "2015-12-23T20:58:05.019000Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:decamelize:20151223", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DECAMELIZE-10472" - ], - "CVE": [ - "CVE-2017-16023" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 308 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:09.592532Z", - "moduleName": "decamelize", - "packageManager": "npm", - "packageName": "decamelize", - "patches": [], - "publicationTime": "2017-04-16T09:00:05.019000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/sindresorhus/decamelize/issues/5" - } - ], - "semver": { - "vulnerable": [ - ">=1.1.0 <1.1.2" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "deep-extend": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-DEEPEXTEND-12120" - ], - "creationTime": "2018-04-15T20:11:17.552000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-04-09T20:11:17Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.5.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "module.exports" - }, - "version": [ - "0.2.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "deepExtend" - }, - "version": [ - "<0.2.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "module.exports.deepExtend" - }, - "version": [ - ">=0.2.2 
<0.2.5" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "deepExtend.module.exports" - }, - "version": [ - ">=0.2.5 <0.4.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/deep-extend.js", - "functionName": "cloneSpecificValue" - }, - "version": [ - ">=0.4.0 <0.5.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "module.exports" - }, - "version": [ - "0.2.1" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "deepExtend" - }, - "version": [ - "<0.2.1" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "module.exports.deepExtend" - }, - "version": [ - ">=0.2.2 <0.2.5" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "deepExtend.module.exports" - }, - "version": [ - ">=0.2.5 <0.4.0" - ] - }, - { - "functionId": { - "filePath": "lib/deep-extend.js", - "functionName": "cloneSpecificValue" - }, - "version": [ - ">=0.4.0 <0.5.1" - ] - } - ], - "id": "npm:deep-extend:20180409", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DEEPEXTEND-12120" - ], - "CVE": [ - "CVE-2018-3750" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 612 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.582307Z", - "moduleName": "deep-extend", - "packageManager": "npm", - "packageName": "deep-extend", - "patches": [], - "publicationTime": "2018-04-25T07:45:48Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/unclechu/node-deep-extend/issues/39" - }, - { - "title": "GitHub PR", - "url": "https://github.com/unclechu/node-deep-extend/pull/40" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/311333" - } - ], - "semver": { - "vulnerable": [ - "<0.5.1" - ] - }, - "severity": "high", - 
"title": "Prototype Pollution" - } - ], - "defaults-deep": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-02-07T20:54:15.136659Z", - "credit": [ - "asgerf" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-09-28T00:56:13Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DEFAULTSDEEP-173661", - "identifiers": { - "CVE": [ - "CVE-2018-16486" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 778 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.128822Z", - "moduleName": "defaults-deep", - "packageManager": "npm", - "packageName": "defaults-deep", - "patches": [], - "publicationTime": "2018-09-28T00:56:13Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/380878" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/778" - } - ], - "semver": { - "vulnerable": [ - "<=0.2.4" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-DEFAULTSDEEP-12065" - ], - "creationTime": "2018-02-15T08:29:23.800000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 6.3, - "disclosureTime": "2018-02-15T08:29:23Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.2.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:defaults-deep:20180215", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DEFAULTSDEEP-12065" - ], - "CVE": [ - "CVE-2018-3723" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 581 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.571727Z", - "moduleName": "defaults-deep", - "packageManager": "npm", - "packageName": "defaults-deep", - "patches": [], - "publicationTime": "2018-02-16T08:29:23Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/310514" - } - ], - 
"semver": { - "vulnerable": [ - "<0.2.4" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - } - ], - "diff": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-DIFF-11050" - ], - "creationTime": "2018-03-05T16:02:49.081000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-03-05T16:02:49Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "3.5.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "parse.js", - "functionName": "parsePatch" - }, - "version": [ - ">=3.0.0 <3.5.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "parse.js", - "functionName": "parsePatch" - }, - "version": [ - ">=3.0.0 <3.5.0" - ] - } - ], - "id": "npm:diff:20180305", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DIFF-11050" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ], - "GHSA": [ - "GHSA-h6ch-v84p-w6p9" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.716362Z", - "moduleName": "diff", - "packageManager": "npm", - "packageName": "diff", - "patches": [], - "publicationTime": "2018-03-06T13:02:49Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.5.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "dijit": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2020-06-16T06:15:56.979070Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.3, - "disclosureTime": "2020-06-16T06:12:24Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.11.11", - "1.12.9", - "1.13.8", - "1.14.7", - "1.15.4", - "1.16.3" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DIJIT-572370", - "identifiers": { - "CVE": [ - "CVE-2020-4051" - ], - "CWE": [ - 
"CWE-79" - ], - "GHSA": [ - "GHSA-cxjc-r2fp-7mq6" - ] - }, - "language": "js", - "modificationTime": "2020-06-16T15:58:32.484246Z", - "moduleName": "dijit", - "packageManager": "npm", - "packageName": "dijit", - "patches": [], - "publicationTime": "2020-06-16T15:58:32.684757Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301" - } - ], - "semver": { - "vulnerable": [ - "<1.11.11", - ">=1.12.0 <1.12.9", - ">=1.13.0 <1.13.8", - ">=1.14.0 <1.14.7", - ">=1.15.0 <1.15.4", - ">=1.16.0 <1.16.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DIJIT-12062" - ], - "creationTime": "2018-02-05T17:51:11.511000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.4, - "disclosureTime": "2018-02-02T15:29:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:dijit:20180205", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DIJIT-12062" - ], - "CVE": [ - "CVE-2018-6561" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-05-10T07:56:33.806044Z", - "moduleName": "dijit", - "packageManager": "npm", - "packageName": "dijit", - "patches": [], - "publicationTime": "2018-02-14T13:22:50Z", - "references": [ - { - "title": "GitHub Poc", - "url": "https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6561" - } - ], - "semver": { - "vulnerable": [ - "<=1.16.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "dojo": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-03-04T23:35:04.619860Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 4.2, - "disclosureTime": "2020-03-04T23:33:21Z", - 
"exploit": "Proof of Concept", - "fixedIn": [ - "1.11.10", - "1.12.8", - "1.13.7", - "1.14.6", - "1.15.3", - "1.16.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOJO-559224", - "identifiers": { - "CVE": [ - "CVE-2020-5258" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-jxfh-8wgv-vfr2" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.198780Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2020-03-11T23:33:19Z", - "references": [ - { - "title": "GitHub Advisory", - "url": "https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d" - } - ], - "semver": { - "vulnerable": [ - "<1.11.10", - ">=1.12.0 <1.12.8", - ">=1.13.0 <1.13.7", - ">=1.14.0 <1.14.6", - ">=1.15.0 <1.15.3", - ">=1.16.0 <1.16.2" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-06-07T16:12:58.559557Z", - "credit": [ - "bix" - ], - "cvssScore": 5.4, - "disclosureTime": "2010-05-16T16:03:33Z", - "exploit": "Functional", - "fixedIn": [ - "1.0.3", - "1.1.2", - "1.2.4", - "1.3.3", - "1.4.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOJO-174934", - "identifiers": { - "CVE": [ - "CVE-2010-2273" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 972 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:47.198294Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2019-06-07T16:03:27Z", - "references": [ - { - "title": "Dojo Bug Tracker", - "url": "https://bugs.dojotoolkit.org/ticket/10773" - }, - { - "title": "Exploit Example", - "url": 
"https://blog.gdssecurity.com/labs/2010/3/12/multiple-dom-based-xss-in-dojo-toolkit-sdk.html" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.0.3", - ">=1.1.0 <1.1.2", - ">=1.2.0 <1.2.4", - ">=1.3.0 <1.3.3", - ">=1.4.0 <1.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-06-07T13:27:28.470318Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-10-10T13:25:01Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOJO-174933", - "identifiers": { - "CVE": [ - "CVE-2015-5654" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 973 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:46.434847Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2019-06-07T13:24:53Z", - "references": [ - { - "title": "Security Tracker", - "url": "https://www.securitytracker.com/id/1034848" - } - ], - "semver": { - "vulnerable": [ - "<1.2.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2018-09-12T12:12:31.111354Z", - "credit": [ - "bryanforbes" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-09-06T17:48:41Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.14" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOJO-72305", - "identifiers": { - "CVE": [ - "CVE-2018-1000665" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T12:36:25.455396Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2018-09-06T17:48:41Z", - "references": [ - { - "title": "Dojo Toolkit Release", - "url": 
"https://dojotoolkit.org/blog/dojo-1-14-released" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/dojo/dojo/commit/9117ffd5a3863e44c92fcd58564c0da22be858f4" - }, - { - "title": "GitHub PR", - "url": "https://github.com/dojo/dojo/pull/307" - } - ], - "semver": { - "vulnerable": [ - "<1.14" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOJO-11134" - ], - "creationTime": "2018-08-18T02:10:29.667000Z", - "credit": [ - "bryanforbes" - ], - "cvssScore": 5.4, - "disclosureTime": "2018-01-13T00:29:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.10", - "1.11.6", - "1.12.4", - "1.13.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:dojo:20180818", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOJO-11134" - ], - "CVE": [ - "CVE-2018-5673" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T12:34:41.790214Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2018-08-19T13:36:15Z", - "references": [ - { - "title": "Dojo Toolkit Security Release", - "url": "https://dojotoolkit.org/blog/dojo-1-14-released" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/dojo/dojo/commit/33eb767c477c6953446d9af8f5229d44d3dd8500" - }, - { - "title": "GitHub PR", - "url": "https://github.com/dojo/dojo/pull/307" - } - ], - "semver": { - "vulnerable": [ - "<1.10.10", - ">=1.11.0 <1.11.6", - ">=1.12.0 <1.12.4", - ">=1.13.0 <1.13.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOJO-10108" - ], - "creationTime": "2016-05-24T06:45:20.086000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 4.3, - "disclosureTime": "2009-04-09T15:08:00Z", - "exploit": "Not Defined", - "fixedIn": [], - 
"functions": [], - "functions_new": [], - "id": "npm:dojo:20160523", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOJO-10108" - ], - "CVE": [ - "CVE-2008-6681" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 107 - ] - }, - "language": "js", - "modificationTime": "2020-07-17T15:58:07.147913Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2016-06-22T00:00:00Z", - "references": [ - { - "title": "BUGS.DOJOTOOLKIT.ORG", - "url": "https://bugs.dojotoolkit.org/changeset/8069/legacy" - }, - { - "title": "BUGS.DOJOTOOLKIT.ORG", - "url": "https://bugs.dojotoolkit.org/ticket/2140" - } - ], - "semver": { - "vulnerable": [ - "<0.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOJO-10053" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [], - "cvssScore": 6.5, - "disclosureTime": "2010-06-15T14:30:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:dojo:20100614-6", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOJO-10053" - ], - "CVE": [ - "CVE-2010-2275" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:39.289378Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2015-11-06T02:09:36.180000Z", - "references": [ - { - "title": "WWW.CVEDETAILS.COM", - "url": "http://www.cvedetails.com/cve/CVE-2010-2275/" - } - ], - "semver": { - "vulnerable": [ - "<1.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-DOJO-10052" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2010-06-15T14:30:00Z", 
- "exploit": "Not Defined", - "fixedIn": [ - "0.4.4", - "1.0.3", - "1.1.2", - "1.2.4", - "1.3.3", - "1.4.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:dojo:20100614", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOJO-10052" - ], - "CVE": [ - "CVE-2010-2272", - "CVE-2010-2276" - ], - "CWE": [ - "CWE-16" - ] - }, - "language": "js", - "modificationTime": "2020-06-18T14:12:34.370548Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "DOJOTOOLKIT.ORG", - "url": "http://dojotoolkit.org/blog/dojo-security-advisory" - }, - { - "title": "WWW.CVEDETAILS.COM", - "url": "http://www.cvedetails.com/cve/CVE-2010-2272/" - }, - { - "title": "WWW.CVEDETAILS.COM", - "url": "http://www.cvedetails.com/cve/CVE-2010-2276/" - } - ], - "semver": { - "vulnerable": [ - ">=0.4.0 <0.4.4", - ">=1.0.0 <1.0.3", - ">=1.1.0 <1.1.2", - ">=1.2.0 <1.2.4", - ">=1.3.0 <1.3.3", - ">=1.4.0 <1.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOJO-10051" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [], - "cvssScore": 6.5, - "disclosureTime": "2009-04-09T15:08:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:dojo:20090409", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOJO-10051" - ], - "CVE": [ - "CVE-2008-6681" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-07-17T15:58:07.147913Z", - "moduleName": "dojo", - "packageManager": "npm", - "packageName": "dojo", - "patches": [], - "publicationTime": "2015-11-06T02:09:36.180000Z", - "references": [ - { - "title": "WWW.CVEDETAILS.COM", - "url": "http://www.cvedetails.com/cve/CVE-2008-6681/" - } - ], - "semver": { - "vulnerable": [ - "<0.0.0" - ] - }, - "severity": "medium", - 
"title": "Cross-site Scripting (XSS)" - } - ], - "dojox": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-03-04T23:38:08.808609Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 4.2, - "disclosureTime": "2020-03-04T23:37:05Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.11.10", - "1.12.8", - "1.13.7", - "1.14.6", - "1.15.3", - "1.16.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOJOX-559225", - "identifiers": { - "CVE": [ - "CVE-2020-5259" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-3hw5-q855-g6cw" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.756654Z", - "moduleName": "dojox", - "packageManager": "npm", - "packageName": "dojox", - "patches": [], - "publicationTime": "2020-03-11T10:10:43Z", - "references": [ - { - "title": "GitHub Advisory", - "url": "https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw" - } - ], - "semver": { - "vulnerable": [ - "<1.11.10", - ">=1.12.0 <1.12.8", - ">=1.13.0 <1.13.7", - ">=1.14.0 <1.14.6", - ">=1.15.0 <1.15.3", - ">=1.16.0 <1.16.2" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-02-07T11:47:27.792653Z", - "credit": [ - "Jonathan Leitschuh" - ], - "cvssScore": 7.3, - "disclosureTime": "2020-02-07T11:46:29Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.16.1", - "1.15.2", - "1.14.5", - "1.13.6", - "1.12.7", - "1.11.9" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOJOX-548257", - "identifiers": { - "CVE": [ - "CVE-2019-10785" - ], - "CWE": [ - "CWE-119" - ], - "GHSA": [ - "GHSA-pg97-ww7h-5mjr" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:04.806332Z", - "moduleName": "dojox", - "packageManager": "npm", - "packageName": "dojox", - "patches": [], - "publicationTime": 
"2020-02-07T11:46:28Z", - "references": [ - { - "title": "GitHub Advisory", - "url": "https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr" - }, - { - "title": "GitHub PR", - "url": "https://github.com/dojo/dojox/pull/315" - } - ], - "semver": { - "vulnerable": [ - ">=1.16.0 <1.16.1", - ">=1.15.0 <1.15.2", - ">=1.4.0 <1.14.5", - ">=1.13.0 <1.13.6", - ">=1.12.0 <1.12.7", - "<1.11.9" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOJOX-12190" - ], - "creationTime": "2018-08-18T02:10:29.667000Z", - "credit": [ - "Moritz Bechler" - ], - "cvssScore": 5.4, - "disclosureTime": "2018-08-18T02:10:29Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.10", - "1.11.6", - "1.12.4", - "1.13.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:dojox:20180818", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOJOX-12190" - ], - "CVE": [ - "CVE-2018-15494" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T15:29:46.854544Z", - "moduleName": "dojox", - "packageManager": "npm", - "packageName": "dojox", - "patches": [], - "publicationTime": "2018-08-19T13:36:15Z", - "references": [ - { - "title": "Dojo Toolkit Release Blog", - "url": "https://dojotoolkit.org/blog/dojo-1-14-released" - }, - { - "title": "GitHub PR", - "url": "https://github.com/dojo/dojox/pull/283" - } - ], - "semver": { - "vulnerable": [ - "<1.10.10", - ">=1.11.0 <1.11.6", - ">=1.12.0 <1.12.4", - ">=1.13.0 <1.13.1" - ] - }, - "severity": "medium", - "title": "Arbitrary String Injection" - } - ], - "dompurify": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [], - "creationTime": "2019-10-22T14:48:47.264178Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 9.1, - "disclosureTime": "2019-09-24T05:15:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - 
"functions_new": [], - "id": "SNYK-JS-DOMPURIFY-474012", - "identifiers": { - "CVE": [ - "CVE-2019-16728" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-07-10T14:14:23.955012Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2019-10-22T14:48:59Z", - "references": [], - "semver": { - "vulnerable": [ - "<0.0.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [], - "creationTime": "2019-09-24T07:46:48.899067Z", - "credit": [ - "Michal Bentkowski" - ], - "cvssScore": 9.1, - "disclosureTime": "2019-09-24T05:15:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.3" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-DOMPURIFY-468981", - "identifiers": { - "CVE": [ - "CVE-2019-16728" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-chqj-j4fh-rw7m" - ], - "NSP": [ - 1223, - 1205 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.854910Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2019-09-24T07:47:11Z", - "references": [ - { - "title": "GitHub Release", - "url": "https://github.com/cure53/DOMPurify/releases/tag/2.0.7" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1223" - }, - { - "title": "Research Blog Post", - "url": "https://research.securitum.com/dompurify-bypass-using-mxss/" - } - ], - "semver": { - "vulnerable": [ - "<2.0.3" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOMPURIFY-10478" - ], - "creationTime": "2017-03-06T09:35:28.881000Z", - "credit": [ - "jampy" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-04-11T21:00:00Z", - "exploit": "Not Defined", 
- "fixedIn": [ - "0.8.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:dompurify:20160412", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOMPURIFY-10478" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:33.588066Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2017-04-24T09:35:28.881000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/cure53/DOMPurify/commit/6eccdd38fc11bc6df22386700ec2278cb743f8eb" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/cure53/DOMPurify/issues/148" - } - ], - "semver": { - "vulnerable": [ - ">=0.7.3 <0.8.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOMPURIFY-10477" - ], - "creationTime": "2017-03-06T09:51:04.831000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-02-16T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.6.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:dompurify:20150217", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOMPURIFY-10477" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:12.572279Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2017-04-24T09:21:04.831000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/cure53/DOMPurify/commit/16e431f9749c7bc8c4e9ed438df1098d57b3aa2f" - } - ], - "semver": { - "vulnerable": [ - "<0.6.1 >=0.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOMPURIFY-10476" - ], - "creationTime": 
"2017-03-06T09:17:58.114000Z", - "credit": [ - "Mathias Karlsson" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-10-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.4.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:dompurify:20141008", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOMPURIFY-10476" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:11.834465Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2017-04-24T09:10:58.114000Z", - "references": [ - { - "title": "DOMPurify Report", - "url": "https://cure53.de/pentest-report_dompurify.pdf" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/cure53/DOMPurify/commit/4817f34ac0d413c002adb03d14da169f71057771" - } - ], - "semver": { - "vulnerable": [ - "<0.4.4 " - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-DOMPURIFY-10475" - ], - "creationTime": "2017-03-06T09:56:39.697000Z", - "credit": [ - "cure53" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-03-07T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:dompurify:20140308", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOMPURIFY-10475" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:10.335744Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2017-04-24T08:56:39.697000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/cure53/DOMPurify/commit/78037ea4db57daba7e171242378d3d97c517dd08" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/cure53/DOMPurify/issues/14" - } - ], - "semver": { - "vulnerable": 
[ - "<0.3" - ] - }, - "severity": "medium", - "title": "Insecure Defaults" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-DOMPURIFY-10474" - ], - "creationTime": "2017-04-21T02:09:36.180000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-04-21T02:09:36.180000Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.8.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:dompurify:20170421", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DOMPURIFY-10474" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:11.091555Z", - "moduleName": "dompurify", - "packageManager": "npm", - "packageName": "dompurify", - "patches": [], - "publicationTime": "2017-04-24T09:42:36.180000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/cure53/DOMPurify/commit/27908090e4a2d0a75f15924d68bed07ea5e52998" - }, - { - "title": "GitHub Release", - "url": "https://github.com/cure53/DOMPurify/releases/tag/0.8.6" - } - ], - "semver": { - "vulnerable": [ - "<0.8.6" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "ducktype": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-DUCKTYPE-11085" - ], - "creationTime": "2018-04-15T15:16:33.210000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-04-15T15:16:33.210000Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:ducktype:20180219", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DUCKTYPE-11085" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.738990Z", - "moduleName": "ducktype", - "packageManager": "npm", - "packageName": "ducktype", - "patches": [], - "publicationTime": 
"2018-04-15T15:16:33.210000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/josdejong/ducktype/commit/d8b4c902598c9104d5c56225c3fffcbe1368eff6" - } - ], - "semver": { - "vulnerable": [ - "<1.2.1" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "dustjs-linkedin": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-DUSTJSLINKEDIN-10136" - ], - "creationTime": "2016-09-14T00:00:00Z", - "credit": [ - "Michael Stepankin" - ], - "cvssScore": 8.6, - "disclosureTime": "2015-01-09T00:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.6.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:dustjs-linkedin:20160819", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-DUSTJSLINKEDIN-10136" - ], - "CVE": [], - "CWE": [ - "CWE-95" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:54.001097Z", - "moduleName": "dustjs-linkedin", - "packageManager": "npm", - "packageName": "dustjs-linkedin", - "patches": [], - "publicationTime": "2016-09-14T00:00:00Z", - "references": [ - { - "title": "Artsploit Blog", - "url": "https://artsploit.blogspot.co.il/2016/08/pprce2.html" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/linkedin/dustjs/pull/534/commits/884be3bb3a34a843e6fb411100088e9b02326bd4" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/linkedin/dustjs/issues/741" - }, - { - "title": "GitHub PR", - "url": "https://github.com/linkedin/dustjs/pull/534" - } - ], - "semver": { - "vulnerable": [ - "<2.6.0" - ] - }, - "severity": "high", - "title": "Code Injection" - } - ], - "easyxdm": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-EASYXDM-10523" - ], - "creationTime": "2017-03-22T09:49:43.665000Z", - "credit": [ - "Krzystof Kotowicz" - ], - "cvssScore": 5.3, - "disclosureTime": "2013-01-09T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": 
[ - "2.4.19" - ], - "functions": [], - "functions_new": [], - "id": "npm:easyxdm:20130110", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EASYXDM-10523" - ], - "CVE": [ - "CVE-2014-1403" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:15.575154Z", - "moduleName": "easyxdm", - "packageManager": "npm", - "packageName": "easyxdm", - "patches": [], - "publicationTime": "2017-05-30T09:56:36.368000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13" - }, - { - "title": "Seclists Full Disclosure", - "url": "http://seclists.org/fulldisclosure/2014/Feb/5" - } - ], - "semver": { - "vulnerable": [ - "<2.4.19" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "ember": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-EMBER-10050" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [ - "Robert Jackson" - ], - "cvssScore": 3.1, - "disclosureTime": "2015-11-06T02:09:36Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.0-beta.2", - "1.3.1", - "1.2.1", - "1.1.3", - "1.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:ember:20140114", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EMBER-10050" - ], - "CVE": [ - "CVE-2014-0013", - "CVE-2014-0014" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:37.037753Z", - "moduleName": "ember", - "packageManager": "npm", - "packageName": "ember", - "patches": [], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "GROUPS.GOOGLE.COM", - "url": "https://groups.google.com/forum/%23%21topic/ember-security/2kpXXCxISS4" - }, - { - "title": "GROUPS.GOOGLE.COM", - "url": "https://groups.google.com/forum/%23%21topic/ember-security/PSE4RzTi6l4" - } - ], - "semver": { - "vulnerable": [ - ">=1.4.0-beta.1 <1.4.0-beta.2", - 
">=1.3.0 <1.3.1", - ">=1.2.0 <1.2.1", - ">=1.1.0 <1.1.3", - ">=1.0.0 <1.0.1" - ] - }, - "severity": "low", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-EMBER-10049" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [ - "Hyder Ali" - ], - "cvssScore": 3.1, - "disclosureTime": "2015-11-06T02:09:36Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.2", - "1.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:ember:20140214", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EMBER-10049" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-24T12:17:26.755253Z", - "moduleName": "ember", - "packageManager": "npm", - "packageName": "ember", - "patches": [], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "GROUPS.GOOGLE.COM", - "url": "https://groups.google.com/forum/%23%21topic/ember-security/1h6FRgr8lXQ" - } - ], - "semver": { - "vulnerable": [ - ">=1.2.0 <1.2.2", - ">=1.3.0 <1.3.1" - ] - }, - "severity": "low", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-EMBER-10045" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [ - "Mario Heiderich" - ], - "cvssScore": 4.3, - "disclosureTime": "2015-11-06T02:09:36.180000Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0-rc.1.1", - "1.0.0-rc.2.1", - "1.0.0-rc.3.1", - "1.0.0-rc.4.1", - "1.0.0-rc.5.1", - "1.0.0-rc.6.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:ember:20130105", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EMBER-10045" - ], - "CVE": [ - "CVE-2013-4170" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-04-06T16:45:13.204193Z", - "moduleName": "ember", - "packageManager": "npm", - "packageName": "ember", - "patches": [], - "publicationTime": 
"2015-11-06T02:09:36.180000Z", - "references": [ - { - "title": "GROUPS.GOOGLE.COM", - "url": "https://groups.google.com/forum/%23%21topic/ember-security/dokLVwwxAdM" - } - ], - "semver": { - "vulnerable": [ - ">= 1.0.0-rc.1 <1.0.0-rc.1.1", - ">= 1.0.0-rc.2 <1.0.0-rc.2.1", - ">= 1.0.0-rc.3 <1.0.0-rc.3.1", - ">= 1.0.0-rc.4 <1.0.0-rc.4.1", - ">= 1.0.0-rc.5 <1.0.0-rc.5.1", - ">= 1.0.0-rc.6 <1.0.0-rc.6.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "emojione": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-EMOJIONE-10121" - ], - "creationTime": "2016-07-25T22:53:17.243000Z", - "credit": [ - "Andrea Giammarchi" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-25T16:25:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:emojione:20160725", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EMOJIONE-10121" - ], - "CVE": [ - "CVE-2016-1000231" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-46m8-42hm-wvvw" - ], - "NSP": [ - 129 - ] - }, - "language": "js", - "modificationTime": "2020-09-07T12:00:47.104594Z", - "moduleName": "emojione", - "packageManager": "npm", - "packageName": "emojione", - "patches": [], - "publicationTime": "2016-07-25T16:25:00Z", - "references": [ - { - "title": "GIST.GITHUB.COM", - "url": "https://gist.github.com/WebReflection/df05641bd04954f6d366" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/Ranks/emojione/commit/613079b16c00e47fb3c44744a67ed88a9295afb1" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/Ranks/emojione/issues/61" - } - ], - "semver": { - "vulnerable": [ - "<1.3.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "engine.io": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-ENGINEIO-10204" - ], - "creationTime": "2016-09-27T07:41:29.146000Z", - "credit": 
[ - "Nils Kuhnhenn" - ], - "cvssScore": 5.3, - "disclosureTime": "2014-02-11T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:engine.io:20140212", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ENGINEIO-10204" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:15.514145Z", - "moduleName": "engine.io", - "packageManager": "npm", - "packageName": "engine.io", - "patches": [], - "publicationTime": "2016-11-15T07:41:29.146000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/socketio/engine.io/commit/27141f962d72e6e1b0940f0cca88265799966b39" - }, - { - "title": "GitHub PR", - "url": "https://github.com/socketio/engine.io/pull/223" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - } - ], - "engine.io-client": [ - { - "CVSSv3": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-ENGINEIOCLIENT-10103" - ], - "creationTime": "2016-04-26T18:00:02.845000Z", - "credit": [ - "David Johansson" - ], - "cvssScore": 8.1, - "disclosureTime": "2016-04-26T16:24:32Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:engine.io-client:20160426", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ENGINEIOCLIENT-10103" - ], - "CVE": [ - "CVE-2016-10536" - ], - "CWE": [ - "CWE-295", - "CWE-300" - ], - "NSP": [ - 99 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:43.777573Z", - "moduleName": "engine.io-client", - "packageManager": "npm", - "packageName": "engine.io-client", - "patches": [ - { - "comments": [], - "id": "patch:npm:engine.io-client:20160426:0", - "modificationTime": "2019-12-03T11:40:45.827432Z", - "urls": [ - 
"https://snyk-patches.s3.amazonaws.com/npm/engine.io-client/20160426/engine.io-client_20160426_0_0_2a7a011932094d4970dc68abd32e78265495a621.patch" - ], - "version": "<= 1.6.8 >=1.6.0" - }, - { - "comments": [], - "id": "patch:npm:engine.io-client:20160426:1", - "modificationTime": "2019-12-03T11:40:45.828434Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/engine.io-client/20160426/engine.io-client_20160426_0_1_2a7a011932094d4970dc68abd32e78265495a621.patch" - ], - "version": "<1.6.0 >=1.5.0" - } - ], - "publicationTime": "2016-05-31T00:00:00Z", - "references": [ - { - "title": "Cigital Blog", - "url": "https://www.cigital.com/blog/node-js-socket-io/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/socketio/engine.io-client/commit/2c55b278a491bf45313ecc0825cf800e2f7ff5c1" - } - ], - "semver": { - "vulnerable": [ - "<1.6.9" - ] - }, - "severity": "high", - "title": "Insecure Defaults" - } - ], - "exceljs": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-EXCELJS-11132" - ], - "creationTime": "2018-08-05T17:51:10.908000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.8, - "disclosureTime": "2018-07-14T17:51:10Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:exceljs:20180805", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EXCELJS-11132" - ], - "CVE": [ - "CVE-2018-16459" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 733 - ] - }, - "language": "js", - "modificationTime": "2019-12-23T15:55:33.486758Z", - "moduleName": "exceljs", - "packageManager": "npm", - "packageName": "exceljs", - "patches": [], - "publicationTime": "2018-08-07T13:46:08Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/guyonroche/exceljs/commit/9066cd89a9fad055166b53ce9e75a42e7636bac1" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/guyonroche/exceljs/issues/608" - }, - { - "title": "Hackerone Report", 
- "url": "https://hackerone.com/reports/356809" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/733" - } - ], - "semver": { - "vulnerable": [ - "<1.6.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "extend": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-EXTEND-12179" - ], - "creationTime": "2018-07-23T17:51:10.908000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-04-24T17:51:10Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.2", - "3.0.2" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "module.exports" - }, - "version": [ - "<2.0.2", - ">=3.0.0 <3.0.2" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "module.exports" - }, - "version": [ - "<2.0.2", - ">=3.0.0 <3.0.2" - ] - } - ], - "id": "npm:extend:20180424", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-EXTEND-12179" - ], - "CVE": [ - "CVE-2018-16492" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 996 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.566047Z", - "moduleName": "extend", - "packageManager": "npm", - "packageName": "extend", - "patches": [ - { - "comments": [], - "id": "patch:npm:extend:20180424:0", - "modificationTime": "2019-12-03T11:40:45.727650Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/extend/20180424/extend_20180424_0_0_0e68e71d93507fcc391e398bc84abd0666b28190.patch" - ], - "version": ">=3.0.0 <3.0.2" - } - ], - "publicationTime": "2018-07-23T13:46:08Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190" - }, - { - "title": "GitHub PR", - "url": "https://github.com/justmoon/node-extend/pull/48%23issuecomment-398261612" - }, - { - "title": "HackerOne Report", - "url": 
"https://hackerone.com/reports/381185" - } - ], - "semver": { - "vulnerable": [ - "<2.0.2", - ">=3.0.0 <3.0.2" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - } - ], - "favico.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-FAVICOJS-10412" - ], - "creationTime": "2017-03-20T11:31:24.900000Z", - "credit": [ - "Diego Casorran" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-09-06T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.10" - ], - "functions": [], - "functions_new": [], - "id": "npm:favico.js:20150907", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FAVICOJS-10412" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:48:15.156731Z", - "moduleName": "favico.js", - "packageManager": "npm", - "packageName": "favico.js", - "patches": [], - "publicationTime": "2017-05-08T12:34:45.766000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/ejci/favico.js/commit/14ae05c48da0b187247996f3cf2eaf5a42411a4f" - }, - { - "title": "GitHub PR", - "url": "https://github.com/ejci/favico.js/pull/98" - } - ], - "semver": { - "vulnerable": [ - "<0.3.10" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "faye": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C", - "alternativeIds": [], - "creationTime": "2020-04-28T14:43:34.491167Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.5, - "disclosureTime": "2020-04-28T13:40:17Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.0.4", - "1.1.3", - "1.2.5" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-FAYE-567757", - "identifiers": { - "CVE": [ - "CVE-2020-11020" - ], - "CWE": [ - "CWE-284" - ], - "GHSA": [ - "GHSA-qpg4-4w7w-2mq5" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:05.074389Z", - "moduleName": "faye", - "packageManager": "npm", - "packageName": 
"faye", - "patches": [], - "publicationTime": "2020-04-28T14:59:13Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/faye/faye/commit/3e22055d314f3dfb4e087cccedd40b21c91788a8" - } - ], - "semver": { - "vulnerable": [ - "<1.0.4", - ">=1.1.0 <1.1.3", - ">=1.2.0 <1.2.5" - ] - }, - "severity": "high", - "title": "Improper Access Control" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [], - "creationTime": "2020-04-23T11:19:16.166251Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.4, - "disclosureTime": "2014-07-08T11:12:11Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-FAYE-567269", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-352" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:04.004204Z", - "moduleName": "faye", - "packageManager": "npm", - "packageName": "faye", - "patches": [], - "publicationTime": "2020-04-23T15:07:21Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/faye/faye/commit/de93b9d1bb7397631d8357325b4af665f8c1f1e1" - }, - { - "title": "Rosetta Flash Blog", - "url": "http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/" - } - ], - "semver": { - "vulnerable": [ - "<1.1.0" - ] - }, - "severity": "high", - "title": "Cross-Site Request Forgery (CSRF)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-FAYE-10457" - ], - "creationTime": "2017-03-06T12:10:12.391000Z", - "credit": [ - "Thai Duong", - "Juliano Rizzo" - ], - "cvssScore": 4.3, - "disclosureTime": "2011-09-06T19:55:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.8.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:faye:20121107", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FAYE-10457" - ], - "CVE": [ - "CVE-2011-3389" - ], - "CWE": [ - "CWE-300" - ] - }, - "language": "js", - "modificationTime": 
"2019-12-02T14:40:06.602040Z", - "moduleName": "faye", - "packageManager": "npm", - "packageName": "faye", - "patches": [], - "publicationTime": "2017-03-28T08:30:28.513000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/faye/faye/commit/e407e08c68dd885896552b59ce65503be85030ad" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/faye/faye/issues/171" - }, - { - "title": "VNHACKER.BLOGSPOT.CO.IL", - "url": "https://vnhacker.blogspot.co.il/2011/09/beast.html" - } - ], - "semver": { - "vulnerable": [ - "<0.8.9 >=0.5.0" - ] - }, - "severity": "medium", - "title": "Insecure Defaults" - } - ], - "fernet": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-FERNET-10206" - ], - "creationTime": "2016-10-14T22:50:33.951000Z", - "credit": [ - "Chris Continanza" - ], - "cvssScore": 5.9, - "disclosureTime": "2014-03-06T08:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.1.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:fernet:20140306", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FERNET-10206" - ], - "CVE": [], - "CWE": [ - "CWE-208" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:19:00.416930Z", - "moduleName": "fernet", - "packageManager": "npm", - "packageName": "fernet", - "patches": [], - "publicationTime": "2016-11-22T17:50:33.951000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/csquared/fernet.js/commit/29c456543c69604289931b4e8979ec17bbeeff33" - }, - { - "title": "GitHub PR", - "url": "https://github.com/csquared/fernet.js/pull/7" - } - ], - "semver": { - "vulnerable": [ - "<0.1.0 >=0.0.1" - ] - }, - "severity": "medium", - "title": "Timing Attack" - } - ], - "foundation-sites": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-FOUNDATIONSITES-10743" - ], - "creationTime": "2017-08-02T10:42:11.945000Z", - "credit": [ - "Nathaniel 
Paulus" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-08-01T21:00:00Z", - "exploit": "Functional", - "fixedIn": [ - "6.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:foundation-sites:20170802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FOUNDATIONSITES-10743" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:17.843250Z", - "moduleName": "foundation-sites", - "packageManager": "npm", - "packageName": "foundation-sites", - "patches": [], - "publicationTime": "2017-08-02T13:09:44Z", - "references": [], - "semver": { - "vulnerable": [ - "<6.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-FOUNDATIONSITES-10414" - ], - "creationTime": "2017-03-06T12:57:37.670000Z", - "credit": [ - "Maya Kokits" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-06-18T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "5.5.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:foundation-sites:20150619", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FOUNDATIONSITES-10414" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:53.862837Z", - "moduleName": "foundation-sites", - "packageManager": "npm", - "packageName": "foundation-sites", - "patches": [], - "publicationTime": "2017-03-13T08:00:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zurb/foundation-sites/commit/bf57af9429fbe5e4b18e32e951504136df996e10" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/zurb/foundation-sites/issues/6639" - }, - { - "title": "GitHub PR", - "url": "https://github.com/zurb/foundation-sites/pull/6640" - } - ], - "semver": { - "vulnerable": [ - "<5.5.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-FOUNDATIONSITES-10413" - ], - "creationTime": "2017-03-06T12:29:55.952000Z", - "credit": [ - "Mathieu Amiot" - ], - "cvssScore": 6.5, - "disclosureTime": "2012-07-16T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:foundation-sites:20120717", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FOUNDATIONSITES-10413" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-03-02T14:14:04.551339Z", - "moduleName": "foundation-sites", - "packageManager": "npm", - "packageName": "foundation-sites", - "patches": [], - "publicationTime": "2017-03-13T08:00:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zurb/foundation-sites/commit/f3b408c955011cf19c69be3e5a3c582ced5fd24c" - }, - { - "title": "GitHub PR", - "url": "https://github.com/zurb/foundation-sites/pull/659" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.0.6" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "fuelux": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-FUELUX-10124" - ], - "creationTime": "2016-07-25T22:53:17.242000Z", - "credit": [ - "Keenan Jaenicke" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-25T17:04:28Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.15.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:fuelux:20160725", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FUELUX-10124" - ], - "CVE": [ - "CVE-2016-1000235" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-fwcw-5qw2-87mp" - ], - "NSP": [ - 133 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.904105Z", - "moduleName": "fuelux", - "packageManager": "npm", - "packageName": "fuelux", - "patches": [], - "publicationTime": "2016-07-25T17:04:28Z", - "references": [ - { - 
"title": "GitHub Issue", - "url": "https://github.com/ExactTarget/fuelux/issues/1841" - } - ], - "semver": { - "vulnerable": [ - "<3.15.7" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "fullpage.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-FULLPAGEJS-10441" - ], - "creationTime": "2017-03-20T09:25:36.668000Z", - "credit": [ - "t-ashula" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-12-06T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.7.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:fullpage.js:20151207", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-FULLPAGEJS-10441" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:02.834361Z", - "moduleName": "fullpage.js", - "packageManager": "npm", - "packageName": "fullpage.js", - "patches": [], - "publicationTime": "2017-05-08T12:34:45.833000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/alvarotrigo/fullPage.js/commit/03356365ca81b3177357aed42a34a7df5b5351b4" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/alvarotrigo/fullPage.js/pull/1705/commits/186c16ec140976e878f2e4ef4256920dc928d23e" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/alvarotrigo/fullPage.js/issues/1747" - }, - { - "title": "GitHub PR", - "url": "https://github.com/alvarotrigo/fullPage.js/pull/1705" - } - ], - "semver": { - "vulnerable": [ - "<2.7.6" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "getstats": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C", - "alternativeIds": [ - "SNYK-JS-GETSTATS-10953" - ], - "creationTime": "2018-02-26T18:05:55.637000Z", - "credit": [ - "Liang Gong" - ], - "cvssScore": 7.5, - "disclosureTime": "2018-02-26T18:05:55.637000Z", - "exploit": "Functional", - "fixedIn": [], - "functions": [], - 
"functions_new": [], - "id": "npm:getstats:20180226", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-GETSTATS-10953" - ], - "CVE": [], - "CWE": [ - "CWE-22" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.599802Z", - "moduleName": "getstats", - "packageManager": "npm", - "packageName": "getstats", - "patches": [], - "publicationTime": "2018-02-26T18:05:55.637000Z", - "references": [ - { - "title": "PoC by Liang Gong", - "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/getstats" - } - ], - "semver": { - "vulnerable": [ - "<=1.2.0" - ] - }, - "severity": "high", - "title": "Directory Traversal" - } - ], - "git-username": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-GITUSERNAME-10984" - ], - "creationTime": "2018-02-26T14:00:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-26T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.5.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:git-username:20180226", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-GITUSERNAME-10984" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.588300Z", - "moduleName": "git-username", - "packageManager": "npm", - "packageName": "git-username", - "patches": [], - "publicationTime": "2018-02-26T14:05:11Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jonschlinkert/git-username/commit/b4313b31a0d2b51105f96307d6306e150f3df80d" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jonschlinkert/git-username/pull/3" - } - ], - "semver": { - "vulnerable": [ - "<0.5.1" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "github-url-to-object": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - 
"SNYK-JS-GITHUBURLTOOBJECT-10986" - ], - "creationTime": "2018-02-26T14:00:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-26T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.0.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:github-url-to-object:20180226", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-GITHUBURLTOOBJECT-10986" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.661015Z", - "moduleName": "github-url-to-object", - "packageManager": "npm", - "packageName": "github-url-to-object", - "patches": [], - "publicationTime": "2018-02-26T14:05:11.654000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zeke/github-url-to-object/commit/c209cfaade9d5516b5ae81814c5d7b2a53571c90" - }, - { - "title": "GitHub PR", - "url": "https://github.com/zeke/github-url-to-object/pull/34" - } - ], - "semver": { - "vulnerable": [ - "<4.0.4" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "gmail-js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-GMAILJS-10116" - ], - "creationTime": "2016-07-21T16:00:02.338000Z", - "credit": [ - "Gursev Singh Kalra" - ], - "cvssScore": 8.1, - "disclosureTime": "2016-07-21T14:59:33Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.6.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:gmail-js:20160721", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-GMAILJS-10116" - ], - "CVE": [ - "CVE-2016-1000228" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 125 - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:13:12.798057Z", - "moduleName": "gmail-js", - "packageManager": "npm", - "packageName": "gmail-js", - "patches": [], - "publicationTime": "2016-07-21T14:59:33Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/KartikTalwar/gmail.js/commit/82f1876bdc379531043d3f46ee19b338e8ec907d" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/KartikTalwar/gmail.js/issues/281" - }, - { - "title": "OWASP", - "url": "https://www.owasp.org/index.php/DOM_Based_XSS" - } - ], - "semver": { - "vulnerable": [ - "<0.6.5" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "google-closure-library": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2020-03-26T13:40:49.597165Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2020-03-26T12:25:52Z", - "exploit": "Not Defined", - "fixedIn": [ - "20200315.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-GOOGLECLOSURELIBRARY-561341", - "identifiers": { - "CVE": [ - "CVE-2020-8910" - ], - "CWE": [ - "CWE-200" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:01.638754Z", - "moduleName": "google-closure-library", - "packageManager": "npm", - "packageName": "google-closure-library", - "patches": [], - "publicationTime": "2020-03-26T12:25:52Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9" - }, - { - "title": "GitHub Release", - "url": "https://github.com/google/closure-library/releases/tag/v20200315" - } - ], - "semver": { - "vulnerable": [ - "<20200315.0.0" - ] - }, - "severity": "medium", - "title": "Insufficient Validation" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-04-25T11:17:34.115311Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-02-22T15:59:06Z", - "exploit": "Not Defined", - "fixedIn": [ - "20190301.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-GOOGLECLOSURELIBRARY-174519", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], 
- "GHSA": [ - "GHSA-r9q4-w3fm-wrm2" - ], - "NSP": [ - 878 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.392147Z", - "moduleName": "google-closure-library", - "packageManager": "npm", - "packageName": "google-closure-library", - "patches": [], - "publicationTime": "2019-04-25T15:59:06Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/google/closure-library/commit/16201e8c00b98aa4d46a2c6830006ed4608532f4%23diff-1c4efe3483d9d435a96462ea24811bb7" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/google/closure-library/commit/c79ab48e8e962fee57e68739c00e16b9934c0ffa%23commitcomment-33294853" - } - ], - "semver": { - "vulnerable": [ - ">=20190121.0.0 <20190301.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "handlebars": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-04-28T14:26:34.538485Z", - "credit": [ - "macasun" - ], - "cvssScore": 6.5, - "disclosureTime": "2020-04-27T22:13:11Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.6.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HANDLEBARS-567742", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:04.769831Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2020-04-28T14:28:34Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/handlebars-lang/handlebars.js/pull/1633" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/726364" - } - ], - "semver": { - "vulnerable": [ - "<4.6.0" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [], - "creationTime": "2019-11-20T09:54:27.277624Z", - "credit": [ - 
"Vladyslav Babkin" - ], - "cvssScore": 9.8, - "disclosureTime": "2019-11-18T19:42:01Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.5.3", - "3.0.8" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HANDLEBARS-534988", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1325 - ] - }, - "language": "js", - "modificationTime": "2020-02-27T09:35:22.610611Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2019-11-20T09:55:17Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/wycats/handlebars.js/commit/198887808780bbef9dba67a8af68ece091d5baa7" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1325" - } - ], - "semver": { - "vulnerable": [ - ">=4.0.0 <4.5.3", - "<3.0.8" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-11-15T15:45:34.906048Z", - "credit": [ - "Francois Lajeunesse-Robert" - ], - "cvssScore": 8.1, - "disclosureTime": "2019-11-14T15:29:41Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.5.3", - "3.0.8" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HANDLEBARS-534478", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-94" - ], - "NSP": [ - 1316, - 1324 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.589231Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2019-11-15T15:48:43Z", - "references": [ - { - "title": "NPM Security Advisory #1", - "url": "https://www.npmjs.com/advisories/1316" - }, - { - "title": "NPM Security Advisory #2", - "url": "https://www.npmjs.com/advisories/1324" - } - ], - "semver": { - "vulnerable": [ - ">=4.0.0 <4.5.3", - "<3.0.8" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, 
- { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2019-11-05T12:16:29.016014Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.5, - "disclosureTime": "2019-10-30T15:57:14Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.4.5" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HANDLEBARS-480388", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1300 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.577532Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2019-11-05T12:19:43Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/wycats/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/wycats/handlebars.js/issues/1579" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1300" - } - ], - "semver": { - "vulnerable": [ - ">=4.0.0 <4.4.5" - ] - }, - "severity": "high", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-09-25T13:12:40.749568Z", - "credit": [ - "itszn" - ], - "cvssScore": 7.3, - "disclosureTime": "2019-09-24T15:14:43Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.3.0", - "3.8.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HANDLEBARS-469063", - "identifiers": { - "CVE": [ - "CVE-2019-19919" - ], - "CWE": [ - "CWE-471" - ], - "NSP": [ - 1164 - ] - }, - "language": "js", - "modificationTime": "2020-02-27T09:38:25.232243Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2019-09-25T14:33:59Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/wycats/handlebars.js/commit/213c0bbe3c4bd83a534d67384e5afa0000347ff6" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/wycats/handlebars.js/commit/7b67a29a8c926b38af265c727ff6551fbb277111" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/wycats/handlebars.js/issues/1558" - }, - { - "title": "Reference", - "url": "https://www.npmjs.com/advisories/1164" - }, - { - "title": "Release Notes", - "url": "https://github.com/wycats/handlebars.js/blob/master/release-notes.md%23v430---september-24th-2019" - } - ], - "semver": { - "vulnerable": [ - ">=4.0.0 <4.3.0", - "<3.8.0" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-04-14T11:55:45.212136Z", - "credit": [ - "Nils Knappmeier" - ], - "cvssScore": 7.3, - "disclosureTime": "2019-04-13T06:31:34Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.7", - "4.1.2", - "4.0.14" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/handlebars/helpers/lookup.js", - "functionName": "module.exports" - }, - "version": [ - ">3.0.6 <4.1.2" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/handlebars/helpers/lookup.js", - "functionName": "module.exports" - }, - "version": [ - ">3.0.6 <4.1.2" - ] - } - ], - "id": "SNYK-JS-HANDLEBARS-174183", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-471" - ], - "GHSA": [ - "GHSA-q42p-pg8m-cqh6" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.054230Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2019-04-14T06:31:34Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e" - }, - { - "title": "GitHub Issue", - "url": 
"https://github.com/wycats/handlebars.js/issues/1495" - }, - { - "title": "SNYK-JS-HANDLEBARS-173692", - "url": "https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.0.7", - ">=4.1.0 <4.1.2", - ">=4.0.0 <4.0.14" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-02-14T16:46:18.024227Z", - "credit": [ - "Mahmoud Gamal", - "Matias Lang" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-12-28T20:34:57Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.0.14", - "4.1.2" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "dist/amd/handlebars/compiler/javascript-compiler.js", - "functionName": "JavaScriptCompiler.prototype.nameLookup" - }, - "version": [ - ">1.0.12 <4.0.13" - ] - }, - { - "functionId": { - "className": null, - "filePath": "dist/handlebars.js", - "functionName": "JavaScriptCompiler.Handlebars.JavaScriptCompiler" - }, - "version": [ - ">=1.0.6 <=1.0.12" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "dist/amd/handlebars/compiler/javascript-compiler.js", - "functionName": "JavaScriptCompiler.prototype.nameLookup" - }, - "version": [ - ">1.0.12 <4.0.13" - ] - }, - { - "functionId": { - "filePath": "dist/handlebars.js", - "functionName": "JavaScriptCompiler.Handlebars.JavaScriptCompiler" - }, - "version": [ - ">=1.0.6 <=1.0.12" - ] - } - ], - "id": "SNYK-JS-HANDLEBARS-173692", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-471" - ], - "GHSA": [ - "GHSA-6r5x-hmgg-7h53" - ], - "NSP": [ - 755 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:56.040863Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [], - "publicationTime": "2019-02-14T17:52:50Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/wycats/handlebars.js/issues/1495" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/755" - } - ], - "semver": { - "vulnerable": [ - "<4.0.14", - ">=4.1.0 <4.1.2" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-HANDLEBARS-10068" - ], - "creationTime": "2015-12-14T23:52:16.811000Z", - "credit": [ - "Matias P. Brutti" - ], - "cvssScore": 5.3, - "disclosureTime": "2015-12-07T16:52:07Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.0.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/handlebars/utils.js", - "functionName": "escapeExpression" - }, - "version": [ - "<4.0.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/handlebars/utils.js", - "functionName": "escapeExpression" - }, - "version": [ - "<4.0.0" - ] - } - ], - "id": "npm:handlebars:20151207", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HANDLEBARS-10068" - ], - "CVE": [ - "CVE-2015-8861" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 61 - ] - }, - "language": "js", - "modificationTime": "2019-02-14T17:52:40.408079Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [ - { - "comments": [ - "https://github.com/wycats/handlebars.js/commit/83b8e846a3569bd366cf0b6bdc1e4604d1a2077e" - ], - "id": "patch:npm:handlebars:20151207:0", - "modificationTime": "2019-12-03T11:40:45.781030Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/handlebars/20151207/handlebars_0.patch" - ], - "version": "<4.0.0 >=3.0.2" - } - ], - "publicationTime": "2015-12-14T23:52:16Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/wycats/handlebars.js/commit/83b8e846a3569bd366cf0b6bdc1e4604d1a2077e" - } - ], - "semver": { - "vulnerable": [ - "<4.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-HANDLEBARS-10047" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [], - "cvssScore": 5.3, - "disclosureTime": "2015-11-06T02:09:36.180000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:handlebars:20110425", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HANDLEBARS-10047" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:52.100258Z", - "moduleName": "handlebars", - "packageManager": "npm", - "packageName": "handlebars", - "patches": [ - { - "comments": [ - "https://github.com/rgrove/handlebars.js/commit/b291a1ad8c9a33f834d126450635f0b6ca546a0c.patch" - ], - "id": "patch:npm:handlebars:20110425:0", - "modificationTime": "2019-12-03T11:40:45.758729Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/handlebars/20110425/handlebars_20110425_0_0_b291a1ad8c9a33f834d126450635f0b6ca546a0c.patch" - ], - "version": "<=1.0.0-beta.3" - } - ], - "publicationTime": "2015-11-06T02:09:36.180000Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/wycats/handlebars.js/pull/68" - } - ], - "semver": { - "vulnerable": [ - "<=1.0.0-beta.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "haraka": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-08-01T08:10:18.951375Z", - "credit": [ - "Unknown" - ], - "cvssScore": 8.1, - "disclosureTime": "2018-06-15T08:09:35Z", - "exploit": "High", - "fixedIn": [ - "2.8.20" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HARAKA-456231", - 
"identifiers": { - "CVE": [ - "CVE-2016-1000282" - ], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:43.985934Z", - "moduleName": "haraka", - "packageManager": "npm", - "packageName": "haraka", - "patches": [], - "publicationTime": "2019-08-01T08:09:26Z", - "references": [ - { - "title": "Exploit DB", - "url": "https://www.exploit-db.com/exploits/41162" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/haraka/Haraka/commit/ff7646d879b1c21d0cfcd5f1d62eaf607cc452a8" - } - ], - "semver": { - "vulnerable": [ - "<2.8.20" - ] - }, - "severity": "high", - "title": "Remote Code Execution (RCE)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-HARAKA-11112" - ], - "creationTime": "2018-06-25T13:44:14.646000Z", - "credit": [ - "Joran Dirk Greef (Ronomon)" - ], - "cvssScore": 7.5, - "disclosureTime": "2018-06-25T13:44:14.646000Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.8.19" - ], - "functions": [], - "functions_new": [], - "id": "npm:haraka:20180625", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HARAKA-11112" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:37.327748Z", - "moduleName": "haraka", - "packageManager": "npm", - "packageName": "haraka", - "patches": [], - "publicationTime": "2018-06-25T13:44:14.646000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/haraka/Haraka/commit/ff7646d879b1c21d0cfcd5f1d62eaf607cc452a8" - }, - { - "title": "GitHub PR", - "url": "https://github.com/haraka/Haraka/pull/2447" - } - ], - "semver": { - "vulnerable": [ - "<2.8.19" - ] - }, - "severity": "high", - "title": "Denial of Service (DoS)" - } - ], - "harb": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:U/RC:C", - "alternativeIds": [ - "SNYK-JS-HARB-10911" - ], - "creationTime": "2018-02-20T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - 
"cvssScore": 3.7, - "disclosureTime": "2018-02-21T16:19:06Z", - "exploit": "Proof of Concept", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:harb:20180222", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HARB-10911" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.594805Z", - "moduleName": "harb", - "packageManager": "npm", - "packageName": "harb", - "patches": [], - "publicationTime": "2018-02-22T15:42:01.763000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/SheetJS/js-xlsx/commit/88e9e31ebf067c40b58c84dc1a7a842750c379ba" - } - ], - "semver": { - "vulnerable": [ - "<=1.0.0" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "hawk": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-HAWK-10080" - ], - "creationTime": "2016-01-19T23:24:51.834000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 3.7, - "disclosureTime": "2016-01-19T21:51:35Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.1.3", - "4.1.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/hawk.js", - "functionName": "exports.authenticate" - }, - "version": [ - "<=0.0.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/index.js", - "functionName": "exports.authenticate" - }, - "version": [ - ">=0.0.7 <0.10.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/server.js", - "functionName": "exports.authenticate" - }, - "version": [ - ">=0.10.0 <0.12.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/server.js", - "functionName": "exports.authenticateBewit" - }, - "version": [ - ">=0.12.1 <3.1.3", - ">=4.0.0 <4.1.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/utils.js", - "functionName": "exports.parseHost" - }, - "version": [ - ">=0.3.0 
<3.1.3", - ">=4.0.0 <4.1.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/hawk.js", - "functionName": "exports.authenticate" - }, - "version": [ - "<=0.0.6" - ] - }, - { - "functionId": { - "filePath": "lib/index.js", - "functionName": "exports.authenticate" - }, - "version": [ - ">=0.0.7 <0.10.0" - ] - }, - { - "functionId": { - "filePath": "lib/server.js", - "functionName": "exports.authenticate" - }, - "version": [ - ">=0.10.0 <0.12.1" - ] - }, - { - "functionId": { - "filePath": "lib/server.js", - "functionName": "exports.authenticateBewit" - }, - "version": [ - ">=0.12.1 <3.1.3", - ">=4.0.0 <4.1.1" - ] - }, - { - "functionId": { - "filePath": "lib/utils.js", - "functionName": "exports.parseHost" - }, - "version": [ - ">=0.3.0 <3.1.3", - ">=4.0.0 <4.1.1" - ] - } - ], - "id": "npm:hawk:20160119", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HAWK-10080" - ], - "CVE": [ - "CVE-2016-2515" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 77 - ] - }, - "language": "js", - "modificationTime": "2019-04-29T17:06:31.778992Z", - "moduleName": "hawk", - "packageManager": "npm", - "packageName": "hawk", - "patches": [ - { - "comments": [], - "id": "patch:npm:hawk:20160119:0", - "modificationTime": "2019-12-03T11:40:45.789189Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/hawk/20160119/hawk_20160119_0_0_0833f99ba64558525995a7e21d4093da1f3e15fa.patch" - ], - "version": "<4.1.1 >=4.0.0" - }, - { - "comments": [], - "id": "patch:npm:hawk:20160119:1", - "modificationTime": "2019-12-03T11:40:45.790286Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/hawk/20160119/hawk_20160119_0_1_0833f99ba64558525995a7e21d4093da1f3e15fa.patch" - ], - "version": "<=3.1.2 >=3.0.0" - }, - { - "comments": [], - "id": "patch:npm:hawk:20160119:2", - "modificationTime": "2019-12-03T11:40:45.791342Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/hawk/20160119/hawk_20160119_0_2_0833f99ba64558525995a7e21d4093da1f3e15fa.patch" - ], - 
"version": "<= 2.3.1 >= 2.2.0" - }, - { - "comments": [], - "id": "patch:npm:hawk:20160119:3", - "modificationTime": "2019-12-03T11:40:45.792397Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/hawk/20160119/hawk_20160119_0_3_0833f99ba64558525995a7e21d4093da1f3e15fa.patch" - ], - "version": "<= 1.1.1 >= 1.0.0" - } - ], - "publicationTime": "2016-01-19T23:24:51Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/hapijs/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/hueniverse/hawk/issues/168" - } - ], - "semver": { - "vulnerable": [ - "<3.1.3", - ">=4.0.0 <4.1.1" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "highcharts": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-06-11T08:33:05.776850Z", - "credit": [ - "Torstein Hønsi" - ], - "cvssScore": 8.7, - "disclosureTime": "2020-06-11T08:30:10Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "7.2.2", - "8.1.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-HIGHCHARTS-571995", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-gr4j-r575-g665" - ], - "NSP": [ - 1227 - ] - }, - "language": "js", - "modificationTime": "2020-08-25T16:26:37.492587Z", - "moduleName": "highcharts", - "packageManager": "npm", - "packageName": "highcharts", - "patches": [], - "publicationTime": "2020-06-11T08:33:11Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/highcharts/highcharts/issues/13559" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1227" - }, - { - "title": "PoC", - "url": "https://jsfiddle.net/highcharts/zvnhej9L/" - } - ], - "semver": { - "vulnerable": [ - "<7.2.2", - ">=8.0.0 <8.1.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - 
"CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-HIGHCHARTS-11012" - ], - "creationTime": "2018-03-01T16:02:49.081000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-03-01T16:02:49Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "6.1.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:highcharts:20180225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HIGHCHARTS-11012" - ], - "CVE": [ - "CVE-2018-20801" - ], - "CWE": [ - "CWE-185", - "CWE-400" - ], - "GHSA": [ - "GHSA-m45f-4828-5cv5" - ], - "NSP": [ - 793 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.944814Z", - "moduleName": "highcharts", - "packageManager": "npm", - "packageName": "highcharts", - "patches": [], - "publicationTime": "2018-03-01T16:02:49Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa" - } - ], - "semver": { - "vulnerable": [ - "<6.1.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "html-dom-parser": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-HTMLDOMPARSER-10904" - ], - "creationTime": "2018-02-20T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-20T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.1.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:html-dom-parser:20180220", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-HTMLDOMPARSER-10904" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.705578Z", - "moduleName": "html-dom-parser", - "packageManager": "npm", - "packageName": "html-dom-parser", - "patches": [], - "publicationTime": "2018-02-20T17:25:11Z", - "references": [ - { - "title": 
"GitHub Commit", - "url": "https://github.com/remarkablemark/html-dom-parser/commit/b80d699bbbd45d254379e6916152c918998e3b10" - }, - { - "title": "GitHub PR", - "url": "https://github.com/remarkablemark/html-dom-parser/pull/8" - } - ], - "semver": { - "vulnerable": [ - "<0.1.3" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "i18next": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-07-19T10:21:15.892249Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 4.8, - "disclosureTime": "2020-07-11T10:19:01Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "19.6.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-I18NEXT-585930", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-07-19T16:14:31.125195Z", - "moduleName": "i18next", - "packageManager": "npm", - "packageName": "i18next", - "patches": [], - "publicationTime": "2020-07-19T16:14:30.529190Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/i18next/i18next/pull/1482" - } - ], - "semver": { - "vulnerable": [ - "<19.6.0" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2020-07-09T07:42:26.820588Z", - "credit": [ - "lynn" - ], - "cvssScore": 4.9, - "disclosureTime": "2020-07-09T07:34:11Z", - "exploit": "Not Defined", - "fixedIn": [ - "19.5.5" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-I18NEXT-575536", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-119" - ] - }, - "language": "js", - "modificationTime": "2020-07-09T14:37:29.985246Z", - "moduleName": "i18next", - "packageManager": "npm", - "packageName": "i18next", - "patches": [], - "publicationTime": "2020-07-09T14:37:29.376715Z", - "references": [ - { - "title": "GitHub 
Commit", - "url": "https://github.com/i18next/i18next/commit/360c8a92dcfe90964b433fa947f7f467a10887da" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/i18next/i18next/issues/1479" - } - ], - "semver": { - "vulnerable": [ - "<19.5.5" - ] - }, - "severity": "medium", - "title": "Buffer Overflow" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-I18NEXT-10392" - ], - "creationTime": "2017-01-23T08:40:29.649000Z", - "credit": [ - "alexmchardy" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-10-12T21:00:00Z", - "exploit": "High", - "fixedIn": [ - "3.4.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:i18next:20161013", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-I18NEXT-10392" - ], - "CVE": [ - "CVE-2017-16010" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 326 - ] - }, - "language": "js", - "modificationTime": "2019-12-23T12:39:47.811510Z", - "moduleName": "i18next", - "packageManager": "npm", - "packageName": "i18next", - "patches": [], - "publicationTime": "2017-02-13T08:40:29.649000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/i18next/i18next/pull/826/commits/d367309d4427c2d651b0f0b304504cf59c056cab" - }, - { - "title": "GitHub PR", - "url": "https://github.com/i18next/i18next/pull/826" - } - ], - "semver": { - "vulnerable": [ - ">=2.0.0 <3.4.4" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-I18NEXT-10391" - ], - "creationTime": "2017-01-23T08:35:35.650000Z", - "credit": [ - "KJ Tsanaktsidis" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-10-17T21:00:00Z", - "exploit": "High", - "fixedIn": [ - "1.10.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:i18next:20151018", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-I18NEXT-10391" - ], - "CVE": [ - "CVE-2017-16008" - ], - 
"CWE": [ - "CWE-79" - ], - "NSP": [ - 325 - ] - }, - "language": "js", - "modificationTime": "2019-12-23T12:42:27.631848Z", - "moduleName": "i18next", - "packageManager": "npm", - "packageName": "i18next", - "patches": [], - "publicationTime": "2017-02-13T08:35:35Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/i18next/i18next/pull/443/commits/34e8e13a2b64708a0aed01092e4dbfd0e5013831" - }, - { - "title": "GitHub PR", - "url": "https://github.com/i18next/i18next/pull/443" - } - ], - "semver": { - "vulnerable": [ - "<1.10.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "is-my-json-valid": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-08-02T12:14:47.006233Z", - "credit": [ - "chalker" - ], - "cvssScore": 7.3, - "disclosureTime": "2020-07-31T17:14:47Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.20.3" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ISMYJSONVALID-597167", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2020-08-02T15:04:45.893491Z", - "moduleName": "is-my-json-valid", - "packageManager": "npm", - "packageName": "is-my-json-valid", - "patches": [], - "publicationTime": "2020-08-02T15:04:45.880122Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mafintosh/is-my-json-valid/commit/3419563687df463b4ca709a2b46be8e15d6a2b3d" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/894308" - } - ], - "semver": { - "vulnerable": [ - "<2.20.3" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-08-02T12:09:52.577067Z", - "credit": [ - "chalker" - ], - "cvssScore": 7.5, - "disclosureTime": "2020-07-31T17:13:38Z", - "exploit": 
"Proof of Concept", - "fixedIn": [ - "2.20.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ISMYJSONVALID-597165", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-08-02T15:04:47.420926Z", - "moduleName": "is-my-json-valid", - "packageManager": "npm", - "packageName": "is-my-json-valid", - "patches": [], - "publicationTime": "2020-08-02T15:04:47.405171Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mafintosh/is-my-json-valid/commit/c3fc04fc455d40e9b29537f8e2c73a28ce106edb" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/909757" - } - ], - "semver": { - "vulnerable": [ - "<2.20.2" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-ISMYJSONVALID-10887" - ], - "creationTime": "2018-02-15T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-13T20:39:06Z", - "exploit": "Functional", - "fixedIn": [ - "1.4.1", - "2.17.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:is-my-json-valid:20180214", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ISMYJSONVALID-10887" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ], - "GHSA": [ - "GHSA-4x7c-cx64-49w8" - ], - "NSP": [ - 572 - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.620384Z", - "moduleName": "is-my-json-valid", - "packageManager": "npm", - "packageName": "is-my-json-valid", - "patches": [], - "publicationTime": "2018-02-15T19:52:28Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976" - }, - { - "title": "GitHub PR", - "url": "https://github.com/mafintosh/is-my-json-valid/pull/159" - }, - { - "title": "Hackerone Report", - "url": 
"https://hackerone.com/reports/317548" - } - ], - "semver": { - "vulnerable": [ - "<1.4.1", - ">=2.0.0 <2.17.2" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-ISMYJSONVALID-10079" - ], - "creationTime": "2016-01-18T12:28:12.885000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 7.5, - "disclosureTime": "2016-01-18T04:29:55Z", - "exploit": "Functional", - "fixedIn": [ - "2.12.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:is-my-json-valid:20160118", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ISMYJSONVALID-10079" - ], - "CVE": [ - "CVE-2016-2537" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 76 - ] - }, - "language": "js", - "modificationTime": "2019-07-29T12:46:59.131459Z", - "moduleName": "is-my-json-valid", - "packageManager": "npm", - "packageName": "is-my-json-valid", - "patches": [ - { - "comments": [], - "id": "patch:npm:is-my-json-valid:20160118:0", - "modificationTime": "2019-12-03T11:40:45.786915Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/is-my-json-valid/20160118/imjv_20160118_0_0_eca4beb21e61877d76fdf6bea771f72f39544d9b.patch" - ], - "version": "<=2.12.3 >=2.0.3" - }, - { - "comments": [], - "id": "patch:npm:is-my-json-valid:20160118:1", - "modificationTime": "2019-12-03T11:40:45.787990Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/is-my-json-valid/20160118/imjv_20160118_0_1_eca4beb21e61877d76fdf6bea771f72f39544d9b.patch" - ], - "version": "<2.0.3 >=1.3.4" - } - ], - "publicationTime": "2016-01-18T12:28:12Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mafintosh/is-my-json-valid/commit/eca4beb21e61877d76fdf6bea771f72f39544d9b" - } - ], - "semver": { - "vulnerable": [ - "<2.12.4" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "is-url": [ - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-ISURL-11086" - ], - "creationTime": "2018-04-15T15:16:33.552000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-03-19T15:16:33Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.2.4" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "isURL" - }, - "version": [ - "<1.2.4" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "isURL" - }, - "version": [ - "<1.2.4" - ] - } - ], - "id": "npm:is-url:20180319", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ISURL-11086" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.251598Z", - "moduleName": "is-url", - "packageManager": "npm", - "packageName": "is-url", - "patches": [], - "publicationTime": "2018-04-15T15:16:33Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/segmentio/is-url/pull/18" - } - ], - "semver": { - "vulnerable": [ - "<1.2.4" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "ismobilejs": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2018-11-21T11:53:37.046812Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-09-05T17:51:11Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.5.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-ISMOBILEJS-72624", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2018-12-16T14:51:35.260688Z", - "moduleName": "ismobilejs", - "packageManager": "npm", - "packageName": "ismobilejs", - "patches": [], - "publicationTime": "2018-06-25T13:19:27Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/kaimallea/isMobile/commit/8a075cf2a58b7e25bbb15827612d49b79f8cd9bc" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/kaimallea/isMobile/issues/66" - } - ], - "semver": { - "vulnerable": [ - "<0.5.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "jplayer": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-JPLAYER-12199" - ], - "creationTime": "2018-08-13T08:22:58.092000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-05-11T08:22:58.092000Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.20" - ], - "functions": [], - "functions_new": [], - "id": "npm:jplayer:20130511", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JPLAYER-12199" - ], - "CVE": [ - "CVE-2013-1942" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:29.546622Z", - "moduleName": "jplayer", - "packageManager": "npm", - "packageName": "jplayer", - "patches": [], - "publicationTime": "2018-08-21T14:05:45.058000Z", - "references": [ - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1942" - } - ], - "semver": { - "vulnerable": [ - "<2.2.20" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-JPLAYER-12197" - ], - "creationTime": "2018-08-13T08:22:58.092000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-08-15T17:55:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:jplayer:20180813", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JPLAYER-12197" - ], - "CVE": [ - "CVE-2013-2023" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:28.805086Z", - "moduleName": "jplayer", - "packageManager": "npm", - 
"packageName": "jplayer", - "patches": [], - "publicationTime": "2018-08-21T14:05:45.133000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jplayer/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jplayer/jPlayer/issues/162" - } - ], - "semver": { - "vulnerable": [ - "<2.3.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-JPLAYER-11136" - ], - "creationTime": "2018-08-13T08:22:58.092000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-08-17T16:55:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jplayer:20180814", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JPLAYER-11136" - ], - "CVE": [ - "CVE-2013-2022" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:34.386609Z", - "moduleName": "jplayer", - "packageManager": "npm", - "packageName": "jplayer", - "patches": [], - "publicationTime": "2018-08-21T14:05:45.193000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jplayer/jPlayer/issues/162" - } - ], - "semver": { - "vulnerable": [ - "<2.3.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "jqtree": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-JQTREE-10123" - ], - "creationTime": "2016-07-25T22:53:17.243000Z", - "credit": [ - "Monisha-M" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-25T16:25:39Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:jqtree:20160725", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQTREE-10123" - ], - "CVE": [ - "CVE-2016-1000234" - ], - "CWE": [ - "CWE-79" - ], - 
"GHSA": [ - "GHSA-gjhx-gxwx-jx9j" - ], - "NSP": [ - 132 - ] - }, - "language": "js", - "modificationTime": "2020-09-07T11:59:25.698291Z", - "moduleName": "jqtree", - "packageManager": "npm", - "packageName": "jqtree", - "patches": [], - "publicationTime": "2016-07-25T16:25:39Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/mbraak/jqTree/issues/437" - } - ], - "semver": { - "vulnerable": [ - "<1.3.4" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "jquery": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-05-19T11:29:29.873826Z", - "credit": [ - "Robert McLaughlin" - ], - "cvssScore": 5.4, - "disclosureTime": "2020-05-19T11:26:48Z", - "exploit": "Unproven", - "fixedIn": [ - "1.9.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JQUERY-569619", - "identifiers": { - "CVE": [ - "CVE-2020-7656" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-05-19T16:10:02.557171Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2020-05-19T13:16:51Z", - "references": [ - { - "title": "GitHub Additional Information", - "url": "https://github.com/jquery/jquery/blob/9e6393b0bcb52b15313f88141d0bd7dd54227426/src/ajax.js%23L203" - } - ], - "semver": { - "vulnerable": [ - "<1.9.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:R", - "alternativeIds": [], - "creationTime": "2020-04-30T12:29:39.885866Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 6.5, - "disclosureTime": "2020-04-29T23:02:09Z", - "exploit": "Unproven", - "fixedIn": [ - "3.5.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JQUERY-567880", - "identifiers": { - "CVE": [ - "CVE-2020-11022" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - 
"GHSA-v73w-r9xg-7cr9" - ], - "NSP": [ - 1518 - ] - }, - "language": "js", - "modificationTime": "2020-05-05T06:44:17.559695Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2020-04-29T23:02:09Z", - "references": [ - { - "title": "GHSA", - "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" - }, - { - "title": "JQuery 3.5.0 Release", - "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" - }, - { - "title": "JQuery Upgrade Guide", - "url": "https://jquery.com/upgrade-guide/3.5/" - } - ], - "semver": { - "vulnerable": [ - ">=1.2.0 <3.5.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-04-13T07:16:49.518552Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 6.3, - "disclosureTime": "2020-04-10T00:00:00Z", - "exploit": "Unproven", - "fixedIn": [ - "3.5.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "src/manipulation.js", - "functionName": "htmlPrefilter" - }, - "version": [ - ">=1.0.3 <3.5.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "src/manipulation.js", - "functionName": "htmlPrefilter" - }, - "version": [ - ">=1.0.3 <3.5.0" - ] - } - ], - "id": "SNYK-JS-JQUERY-565129", - "identifiers": { - "CVE": [ - "CVE-2020-11023" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-jpcq-cgw6-v4j6" - ] - }, - "language": "js", - "modificationTime": "2020-05-11T07:50:37.649500Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2020-04-13T15:33:49Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77" - }, - { - "title": "Release Notes", - "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.3 <3.5.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-03-27T08:43:07.568451Z", - "credit": [ - "Semmle Security Research Team" - ], - "cvssScore": 5.6, - "disclosureTime": "2019-03-26T08:40:15Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.4.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "test/core.js", - "functionName": "module.exports.jQuery.extend(Object, Object)" - }, - "version": [ - "<=1.8.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/core.js", - "functionName": "jQuery.extend.jQuery.fn.extend" - }, - "version": [ - ">1.8.3 <=2.2.4" - ] - }, - { - "functionId": { - "className": null, - "filePath": "dist/core.js", - "functionName": "jQuery.extend.jQuery.fn.extend" - }, - "version": [ - ">2.2.4 <=3.3.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "test/core.js", - "functionName": "module.exports.jQuery.extend(Object, Object)" - }, - "version": [ - "<=1.8.3" - ] - }, - { - "functionId": { - "filePath": "src/core.js", - "functionName": "jQuery.extend.jQuery.fn.extend" - }, - "version": [ - ">1.8.3 <=2.2.4" - ] - }, - { - "functionId": { - "filePath": "dist/core.js", - "functionName": "jQuery.extend.jQuery.fn.extend" - }, - "version": [ - ">2.2.4 <=3.3.1" - ] - } - ], - "id": "SNYK-JS-JQUERY-174006", - "identifiers": { - "CVE": [ - "CVE-2019-11358", - "CVE-2019-5428" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 796 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:01.438521Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - 
"publicationTime": "2019-03-27T08:40:08Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jquery/jquery/pull/4333" - }, - { - "title": "Hackerone Report", - "url": "https://hackerone.com/reports/454365" - }, - { - "title": "Snyk Blog", - "url": "https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/" - }, - { - "title": "Third-Party Backported Patches Repo", - "url": "https://github.com/DanielRuf/snyk-js-jquery-174006" - } - ], - "semver": { - "vulnerable": [ - "<3.4.0" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-JQUERY-10187" - ], - "creationTime": "2016-11-06T15:37:35.224000Z", - "credit": [ - "Michał Gołębiowski" - ], - "cvssScore": 3.7, - "disclosureTime": "2016-05-28T21:00:00Z", - "exploit": "Functional", - "fixedIn": [ - "3.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery:20160529", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERY-10187" - ], - "CVE": [ - "CVE-2016-10707" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 330 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:18.167230Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2016-12-26T15:37:35Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jquery/jquery/issues/3133" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jquery/jquery/pull/3134" - }, - { - "title": "jsfiddle", - "url": "https://jsfiddle.net/shnann6y/2/" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0-rc1 <3.0.0" - ] - }, - "severity": "low", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERY-10186" - ], - "creationTime": "2016-11-06T15:12:44.538000Z", - "credit": [ - "Egor Homakov" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-06-26T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.12.2", - "2.2.2", - "3.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery:20150627", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERY-10186" - ], - "CVE": [ - "CVE-2015-9251", - "CVE-2017-16012" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 328 - ] - }, - "language": "js", - "modificationTime": "2019-06-21T14:19:55.221734Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2016-11-27T00:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jquery/jquery/issues/2432" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jquery/jquery/pull/2588" - } - ], - "semver": { - "vulnerable": [ - "<1.12.2", - ">=1.12.3 <2.2.2", - ">=2.2.3 <3.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERY-10185" - ], - "creationTime": "2016-11-06T14:16:53.138000Z", - "credit": [ - "Mauro Risonho de Paula Assumpção" - ], - "cvssScore": 5.4, - "disclosureTime": "2014-09-01T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery:20140902", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERY-10185" - ], - "CVE": [ - "CVE-2014-6071" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - 
"modificationTime": "2019-12-02T14:39:22.392941Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2016-10-20T14:16:53Z", - "references": [ - { - "title": "RedHat Bugzilla Bug", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id&%23x3D%3B1136683" - }, - { - "title": "Seclists Full Disclosure", - "url": "http://seclists.org/fulldisclosure/2014/Sep/10" - } - ], - "semver": { - "vulnerable": [ - ">=1.4.2 <1.6.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERY-10184" - ], - "creationTime": "2016-11-06T13:53:57.686000Z", - "credit": [ - "Richard Gibson" - ], - "cvssScore": 5.4, - "disclosureTime": "2012-06-19T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.9.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery:20120206", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERY-10184" - ], - "CVE": [ - "CVE-2012-6708", - "CVE-2017-16011" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 329 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:24.611114Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2016-10-20T14:16:53Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" - }, - { - "title": "JQuery Issue tracker", - "url": "https://bugs.jquery.com/ticket/11290" - }, - { - "title": "jsfiddle", - "url": "http://jsfiddle.net/C8dgG/" - } - ], - "semver": { - "vulnerable": [ - ">=1.7.1 <1.9.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERY-10183" - ], - "creationTime": "2016-11-06T15:25:26.117000Z", - "credit": [ - "Dave Methvin" - ], - 
"cvssScore": 5.4, - "disclosureTime": "2011-06-05T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery:20110606", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERY-10183" - ], - "CVE": [ - "CVE-2011-4969" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:29.902621Z", - "moduleName": "jquery", - "packageManager": "npm", - "packageName": "jquery", - "patches": [], - "publicationTime": "2016-10-20T14:16:53Z", - "references": [ - { - "title": "Bundled Versions", - "url": "https://github.com/rails/jquery-rails/blob/master/VERSIONS.md" - }, - { - "title": "JQuery Release Note", - "url": "http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/" - }, - { - "title": "JQuery Ticket", - "url": "https://bugs.jquery.com/ticket/9521" - }, - { - "title": "OSS security Advisory", - "url": "http://www.openwall.com/lists/oss-security/2013/01/31/3" - } - ], - "semver": { - "vulnerable": [ - "<1.6.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "jquery-colorbox": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYCOLORBOX-12029" - ], - "creationTime": "2017-12-19T12:10:24.749000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-11-14T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:jquery-colorbox:20171115", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYCOLORBOX-12029" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-06-11T14:48:03.911792Z", - "moduleName": "jquery-colorbox", - "packageManager": "npm", - "packageName": "jquery-colorbox", - "patches": [], - "publicationTime": "2017-12-25T14:45:01Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jackmoore/colorbox/issues/846" - }, - { - 
"title": "GitHub PR", - "url": "https://github.com/jackmoore/colorbox/pull/847" - } - ], - "semver": { - "vulnerable": [ - "<=1.6.4" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "jquery-file-upload": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:F/RL:W/RC:C", - "alternativeIds": [], - "creationTime": "2018-11-20T09:12:14.280630Z", - "credit": [ - "Unknown" - ], - "cvssScore": 3.1, - "disclosureTime": "2018-11-02T17:24:21Z", - "exploit": "Functional", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JQUERYFILEUPLOAD-72622", - "identifiers": { - "CVE": [ - "CVE-2018-9207" - ], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2018-11-22T16:37:04.272552Z", - "moduleName": "jquery-file-upload", - "packageManager": "npm", - "packageName": "jquery-file-upload", - "patches": [], - "publicationTime": "2018-11-22T16:37:04Z", - "references": [ - { - "title": "VapidLabs Security Advisory", - "url": "http://www.vapidlabs.com/advisory.php?v=206" - } - ], - "semver": { - "vulnerable": [ - "<=4.0.11" - ] - }, - "severity": "low", - "title": "Arbitrary Code Execution" - } - ], - "jquery-migrate": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYMIGRATE-10197" - ], - "creationTime": "2016-12-26T09:46:52.647000Z", - "credit": [ - "Mario Heiderich" - ], - "cvssScore": 5.4, - "disclosureTime": "2013-04-18T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery-migrate:20130419", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYMIGRATE-10197" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:46.831255Z", - "moduleName": "jquery-migrate", - "packageManager": "npm", - "packageName": "jquery-migrate", - "patches": [], - "publicationTime": "2016-12-26T09:46:52Z", - "references": [ - { - 
"title": "GitHub Commit", - "url": "https://github.com/jquery/jquery-migrate/commit/91d55f51fd28908d98d5c5fba6b63c3475213556" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jquery/jquery-migrate/issues/36" - }, - { - "title": "JSFiddle", - "url": "http://jsfiddle.net/GFdJD/3/" - }, - { - "title": "Minded Security Blog", - "url": "http://blog.mindedsecurity.com/2013/04/jquery-migrate-is-sink-too.html" - } - ], - "semver": { - "vulnerable": [ - "<1.2.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "jquery-mobile": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-05-07T16:10:41.605054Z", - "credit": [ - "Juho Nurminen" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-05-04T06:24:46Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JQUERYMOBILE-174599", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-fj93-7wm4-8x2g" - ], - "NSP": [ - 883 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:01.106578Z", - "moduleName": "jquery-mobile", - "packageManager": "npm", - "packageName": "jquery-mobile", - "patches": [], - "publicationTime": "2019-05-07T16:18:15Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery-mobile/commit/b0d9cc758a48f13321750d7409fb7655dcdf2b50" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jquery/jquery-mobile/issues/8640" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jquery/jquery-mobile/pull/8649" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jquery/jquery-mobile/pull/8650" - }, - { - "title": "NPM", - "url": "https://www.npmjs.com/advisories/883" - }, - { - "title": "Vulnerability Report", - "url": "https://gist.github.com/jupenur/e5d0c6f9b58aa81860bf74e010cf1685" - } - ], - "semver": { - "vulnerable": [ - "<=1.5.0-alpha.1" - ] - }, - 
"severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYMOBILE-10199" - ], - "creationTime": "2016-11-09T11:28:34.624000Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 6.5, - "disclosureTime": "2012-08-01T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery-mobile:20120802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYMOBILE-10199" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:55.890436Z", - "moduleName": "jquery-mobile", - "packageManager": "npm", - "packageName": "jquery-mobile", - "patches": [], - "publicationTime": "2016-12-26T11:28:34Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery-mobile/commit/370413072db4fd8ee0da4455d9a08abc9ef5ba24" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jquery/jquery-mobile/issues/4787" - }, - { - "title": "JQuery mobile changelog", - "url": "http://jquerymobile.com/changelog/1.2.0/" - } - ], - "semver": { - "vulnerable": [ - "<1.2.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "jquery-ui": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYUI-10189" - ], - "creationTime": "2016-11-06T15:04:27.065000Z", - "credit": [ - "Scott González" - ], - "cvssScore": 4.3, - "disclosureTime": "2012-11-26T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery-ui:20121127", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYUI-10189" - ], - "CVE": [ - "CVE-2012-6662" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:11.779603Z", - "moduleName": "jquery-ui", - "packageManager": "npm", - 
"packageName": "jquery-ui", - "patches": [], - "publicationTime": "2016-12-26T15:04:27Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde" - }, - { - "title": "JQuery UI Ticket", - "url": "https://bugs.jqueryui.com/ticket/8861" - } - ], - "semver": { - "vulnerable": [ - "<1.10.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYUI-10188" - ], - "creationTime": "2016-12-26T14:37:13.516000Z", - "credit": [ - "shadowman131" - ], - "cvssScore": 4.3, - "disclosureTime": "2010-09-02T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery-ui:20100903", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYUI-10188" - ], - "CVE": [ - "CVE-2010-5312" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:23.121637Z", - "moduleName": "jquery-ui", - "packageManager": "npm", - "packageName": "jquery-ui", - "patches": [], - "publicationTime": "2017-02-13T14:37:13Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3" - }, - { - "title": "Jquery Ticket", - "url": "https://bugs.jqueryui.com/ticket/6016" - }, - { - "title": "OSS security Advisory", - "url": "http://www.openwall.com/lists/oss-security/2014/11/14/8" - } - ], - "semver": { - "vulnerable": [ - "<1.10.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYUI-10118" - ], - "creationTime": "2016-07-22T00:00:02.715000Z", - "credit": [ - "Phat Ly" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-21T22:21:41Z", - "exploit": "Not Defined", - "fixedIn": [ - 
"1.12.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery-ui:20160721", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYUI-10118" - ], - "CVE": [ - "CVE-2016-7103" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 127 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:31.396318Z", - "moduleName": "jquery-ui", - "packageManager": "npm", - "packageName": "jquery-ui", - "patches": [], - "publicationTime": "2016-07-21T22:21:41Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jquery/api.jqueryui.com/issues/281" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jquery/jquery-ui/pull/1622" - } - ], - "semver": { - "vulnerable": [ - "<1.12.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "jquery-ujs": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JQUERYUJS-10039" - ], - "creationTime": "2015-06-24T06:00:00Z", - "credit": [ - "Ben Toews of GitHub" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-06-24T06:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:jquery-ujs:20150624", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYUJS-10039" - ], - "CVE": [ - "CVE-2015-1840" - ], - "CWE": [ - "CWE-352" - ], - "GHSA": [ - "GHSA-6qqj-rx4w-r3cj" - ], - "NSP": [ - 15 - ] - }, - "language": "js", - "modificationTime": "2020-07-07T12:03:14.379291Z", - "moduleName": "jquery-ujs", - "packageManager": "npm", - "packageName": "jquery-ujs", - "patches": [], - "publicationTime": "2015-06-24T06:00:00Z", - "references": [ - { - "title": "Google Security Forum", - "url": "https://groups.google.com/forum/%23%21msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/49935" - } - ], - "semver": { - "vulnerable": [ - "<1.0.4" - ] - }, - "severity": "medium", - "title": "Cross-site 
Request Forgery (CSRF)" - } - ], - "jquery.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-JQUERYJS-10712" - ], - "creationTime": "2017-08-02T15:47:13.736000Z", - "credit": [ - "Oscar Bolmsten" - ], - "cvssScore": 8.8, - "disclosureTime": "2017-08-02T15:47:13.736000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:jquery.js:20170802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JQUERYJS-10712" - ], - "CVE": [ - "CVE-2017-16045" - ], - "CWE": [ - "CWE-506" - ], - "NSP": [ - 496 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:41.408938Z", - "moduleName": "jquery.js", - "packageManager": "npm", - "packageName": "jquery.js", - "patches": [], - "publicationTime": "2017-08-02T13:08:44.716000Z", - "references": [ - { - "title": "Malicious packages published on npm", - "url": "https://iamakulov.com/notes/npm-malicious-packages/" - }, - { - "title": "Typosquatting programming language package managers", - "url": "http://incolumitas.com/2016/06/08/typosquatting-package-managers/" - } - ], - "semver": { - "vulnerable": [ - "<= 1.0.2" - ] - }, - "severity": "high", - "title": "Malicious Package" - } - ], - "js-quantities": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-JSQUANTITIES-10745" - ], - "creationTime": "2017-08-02T09:28:40.371000Z", - "credit": [ - "hakas" - ], - "cvssScore": 7.5, - "disclosureTime": "2016-12-01T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:js-quantities:20161202", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSQUANTITIES-10745" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:51:19.186224Z", - "moduleName": "js-quantities", - "packageManager": "npm", - "packageName": "js-quantities", - "patches": [], - "publicationTime": 
"2017-08-02T13:11:45.317000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/gentooboontoo/js-quantities/commit/06a7879ce122e0cabe424d17a3b6ee6d099c69c4" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/gentooboontoo/js-quantities/issues/74" - }, - { - "title": "GitHub PR", - "url": "https://github.com/gentooboontoo/js-quantities/pull/75" - } - ], - "semver": { - "vulnerable": [ - "<1.6.4" - ] - }, - "severity": "high", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-JSQUANTITIES-10744" - ], - "creationTime": "2017-08-02T09:26:18.913000Z", - "credit": [ - "Zach Bjornson" - ], - "cvssScore": 7.5, - "disclosureTime": "2016-11-10T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.7.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:js-quantities:20161111", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSQUANTITIES-10744" - ], - "CVE": [], - "CWE": [ - "CWE-119" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T15:34:17.839578Z", - "moduleName": "js-quantities", - "packageManager": "npm", - "packageName": "js-quantities", - "patches": [], - "publicationTime": "2017-08-02T13:10:45Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/gentooboontoo/js-quantities/commit/6a0be76dfdcc32eda984c9af68f0e997ea29a191" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/gentooboontoo/js-quantities/issues/73" - }, - { - "title": "GitHub PR", - "url": "https://github.com/gentooboontoo/js-quantities/pull/86" - } - ], - "semver": { - "vulnerable": [ - "<1.7.0" - ] - }, - "severity": "high", - "title": "Out of Memory Crash" - } - ], - "js-yaml": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [], - "creationTime": "2019-04-07T11:15:19.826828Z", - "credit": [ - "Alex Kocharin" - ], - "cvssScore": 8.1, - "disclosureTime": 
"2019-04-05T15:54:43Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.13.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/js-yaml/loader.js", - "functionName": "loadAll.storeMappingPair" - }, - "version": [ - ">1.0.3 <=2.1.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/js-yaml/loader.js", - "functionName": "storeMappingPair" - }, - "version": [ - ">2.1.3 <3.13.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/js-yaml/loader.js", - "functionName": "loadAll.storeMappingPair" - }, - "version": [ - ">1.0.3 <=2.1.3" - ] - }, - { - "functionId": { - "filePath": "lib/js-yaml/loader.js", - "functionName": "storeMappingPair" - }, - "version": [ - ">2.1.3 <3.13.1" - ] - } - ], - "id": "SNYK-JS-JSYAML-174129", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-94" - ], - "GHSA": [ - "GHSA-8j8c-7jfh-h6hx" - ], - "NSP": [ - 813 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:01.431138Z", - "moduleName": "js-yaml", - "packageManager": "npm", - "packageName": "js-yaml", - "patches": [], - "publicationTime": "2019-04-07T15:54:43Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/nodeca/js-yaml/pull/480/commits/e18afbf1edcafb7add2c4c7b22abc8d6ebc2fa61" - }, - { - "title": "GitHub PR", - "url": "https://github.com/nodeca/js-yaml/pull/480" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/813" - } - ], - "semver": { - "vulnerable": [ - "<3.13.1" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O", - "alternativeIds": [], - "creationTime": "2019-04-07T06:54:27.718678Z", - "credit": [ - "eemeli" - ], - "cvssScore": 5.9, - "disclosureTime": "2019-04-04T19:38:41Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.5.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JSYAML-174117", - "identifiers": { - 
"CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:00.941979Z", - "moduleName": "js-yaml", - "packageManager": "npm", - "packageName": "js-yaml", - "patches": [], - "publicationTime": "2019-04-05T19:38:41Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/eemeli/yaml/commit/d42b492c4eb4d976881230444d0eb039bf81cee0" - }, - { - "title": "GitHub PR", - "url": "https://github.com/eemeli/yaml/pull/104" - } - ], - "semver": { - "vulnerable": [ - "<1.5.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O", - "alternativeIds": [], - "creationTime": "2019-03-24T09:59:28.172265Z", - "credit": [ - "Shawn Rasheed", - "Jens DIetrich" - ], - "cvssScore": 5.9, - "disclosureTime": "2019-03-18T21:29:08Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.13.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/js-yaml/loader.js", - "functionName": "storeMappingPair" - }, - "version": [ - ">=3.0.0 <3.13.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/js-yaml/loader.js", - "functionName": "storeMappingPair" - }, - "version": [ - ">=3.0.0 <3.13.0" - ] - } - ], - "id": "SNYK-JS-JSYAML-173999", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-2pr6-76vf-7546" - ], - "NSP": [ - 788 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.564388Z", - "moduleName": "js-yaml", - "packageManager": "npm", - "packageName": "js-yaml", - "patches": [], - "publicationTime": "2019-03-24T10:00:08Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/nodeca/js-yaml/issues/475" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.13.0" - ] - }, - "severity": "medium", 
- "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-JSYAML-10004" - ], - "creationTime": "2013-06-23T19:23:50Z", - "credit": [ - "Neal Poole" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-06-23T19:23:50Z", - "exploit": "High", - "fixedIn": [ - "2.0.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:js-yaml:20130623", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSYAML-10004" - ], - "CVE": [ - "CVE-2013-4660" - ], - "CWE": [ - "CWE-20" - ], - "NSP": [ - 16 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:12.825706Z", - "moduleName": "js-yaml", - "packageManager": "npm", - "packageName": "js-yaml", - "patches": [], - "publicationTime": "2013-06-23T19:23:50Z", - "references": [ - { - "title": "Code Execution via YAML in JS-YAML Node.js Module", - "url": "https://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/" - }, - { - "title": "Exploit DB", - "url": "https://exploit-db.com/exploits/28655" - } - ], - "semver": { - "vulnerable": [ - "<2.0.5" - ] - }, - "severity": "medium", - "title": "Code Execution due to Deserialization" - } - ], - "jshamcrest": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-JSHAMCREST-10075" - ], - "creationTime": "2016-01-06T09:20:33.108000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 7.5, - "disclosureTime": "2016-01-05T23:05:18.308000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:jshamcrest:20160105", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSHAMCREST-10075" - ], - "CVE": [ - "CVE-2016-10521" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 53 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.303935Z", - "moduleName": "jshamcrest", - "packageManager": "npm", - "packageName": "jshamcrest", - "patches": [], - "publicationTime": 
"2016-01-06T09:20:33.108000Z", - "references": [ - { - "title": "WWW.OWASP.ORG", - "url": "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS" - } - ], - "semver": { - "vulnerable": [ - "<=0.7.1" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "jspdf": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-07-03T09:29:05.004978Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 6.3, - "disclosureTime": "2020-06-04T09:28:46Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JSPDF-575256", - "identifiers": { - "CVE": [ - "CVE-2020-7690" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-08-11T14:11:35.489344Z", - "moduleName": "jspdf", - "packageManager": "npm", - "packageName": "jspdf", - "patches": [], - "publicationTime": "2020-07-03T13:40:35Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/MrRio/jsPDF/issues/2795" - }, - { - "title": "GitHub PR", - "url": "https://github.com/MrRio/jsPDF/pull/2806" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-05-06T12:52:01.172573Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 6.3, - "disclosureTime": "2020-05-06T13:44:19Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JSPDF-568273", - "identifiers": { - "CVE": [ - "CVE-2020-7691" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-08-11T14:11:22.139349Z", - "moduleName": "jspdf", - "packageManager": "npm", - "packageName": "jspdf", - "patches": [], - 
"publicationTime": "2020-07-03T13:43:54Z", - "references": [], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JSPDF-10451" - ], - "creationTime": "2017-03-06T14:36:31.788000Z", - "credit": [ - "Diego Casorran" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-03-26T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.135" - ], - "functions": [], - "functions_new": [], - "id": "npm:jspdf:20140327", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSPDF-10451" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:05.856871Z", - "moduleName": "jspdf", - "packageManager": "npm", - "packageName": "jspdf", - "patches": [], - "publicationTime": "2017-03-28T08:29:28.722000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/MrRio/jsPDF/commit/626567755ca1ed35295fd75c2a70654449332468" - } - ], - "semver": { - "vulnerable": [ - "<1.1.135" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "jsrender": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-JSRENDER-10093" - ], - "creationTime": "2016-03-31T09:02:43.772000Z", - "credit": [ - "Paweł Hałdrzyński" - ], - "cvssScore": 6.3, - "disclosureTime": "2016-03-30T22:25:57Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:jsrender:20160330", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSRENDER-10093" - ], - "CVE": [ - "CVE-2016-3942" - ], - "CWE": [ - "CWE-94" - ], - "NSP": [ - 97 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.340019Z", - "moduleName": "jsrender", - "packageManager": "npm", - "packageName": "jsrender", - "patches": [], - "publicationTime": "2016-03-31T09:02:43.772000Z", - "references": [ - 
{ - "title": "GitHub Commit", - "url": "https://github.com/BorisMoore/jsrender/commit/f984e139deb0a7648d5b543860ec652c21f6dcf6" - } - ], - "semver": { - "vulnerable": [ - "<=0.9.73" - ] - }, - "severity": "medium", - "title": "Template Injection" - } - ], - "jstree": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2018-10-24T13:11:11.575126Z", - "credit": [ - "Dusan Vuckovic" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-10-15T12:53:42Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.3.7" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-JSTREE-72490", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2018-12-16T14:47:36.703999Z", - "moduleName": "jstree", - "packageManager": "npm", - "packageName": "jstree", - "patches": [], - "publicationTime": "2018-10-21T07:10:38Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/vakata/jstree/commit/2a08acf1f95e1a156ebb7a5408f1b9470940fe3a" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/vakata/jstree/issues/2133" - } - ], - "semver": { - "vulnerable": [ - "<3.3.7" - ] - }, - "severity": "high", - "title": "Arbitrary Code Injection" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-JSTREE-10647" - ], - "creationTime": "2017-03-06T11:44:48.982000Z", - "credit": [ - "Josh Heidenreich" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-07-09T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:jstree:20140710", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-JSTREE-10647" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:17.080313Z", - "moduleName": "jstree", - "packageManager": "npm", - "packageName": "jstree", - "patches": [], - "publicationTime": 
"2017-06-21T14:07:50.549000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/vakata/jstree/commit/94f8f564bd01290d04ac1ec8e2e4b51b14fb15dc" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/vakata/jstree/issues/756" - }, - { - "title": "GitHub PR", - "url": "https://github.com/vakata/jstree/pull/764" - } - ], - "semver": { - "vulnerable": [ - "<3.0.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "knex": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [], - "creationTime": "2019-10-07T12:52:43.842229Z", - "credit": [ - "Snyk Security Research Team" - ], - "cvssScore": 9.8, - "disclosureTime": "2019-10-07T12:51:14Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.19.5" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-KNEX-471962", - "identifiers": { - "CVE": [ - "CVE-2019-10757" - ], - "CWE": [ - "CWE-89" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:49.563281Z", - "moduleName": "knex", - "packageManager": "npm", - "packageName": "knex", - "patches": [], - "publicationTime": "2019-10-07T12:51:11Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/tgriesser/knex/commit/988fb243898d746a759d422762685a79eddf99ca" - }, - { - "title": "GitHub PR", - "url": "https://github.com/tgriesser/knex/pull/3382" - } - ], - "semver": { - "vulnerable": [ - "<0.19.5" - ] - }, - "severity": "high", - "title": "SQL Injection" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-KNEX-10228" - ], - "creationTime": "2016-12-14T14:43:39.695000Z", - "credit": [ - "Jorge Godoy" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-04-12T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.6.23", - "0.7.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:knex:20150413", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-KNEX-10228" - ], - 
"CVE": [], - "CWE": [ - "CWE-89" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:38.097712Z", - "moduleName": "knex", - "packageManager": "npm", - "packageName": "knex", - "patches": [], - "publicationTime": "2016-12-20T16:43:39.695000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/tgriesser/knex/commit/13995d6936208fe0a968b9ae0f46a2f19faacffc" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/tgriesser/knex/issues/737" - } - ], - "semver": { - "vulnerable": [ - "<0.6.23", - ">=0.7.0 <0.7.6" - ] - }, - "severity": "medium", - "title": "SQL Injection" - } - ], - "knockout": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-KNOCKOUT-11019" - ], - "creationTime": "2018-02-27T09:21:16.225000Z", - "credit": [ - "mbest" - ], - "cvssScore": 6.1, - "disclosureTime": "2018-02-12T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.5.0-beta" - ], - "functions": [], - "functions_new": [], - "id": "npm:knockout:20180213", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-KNOCKOUT-11019" - ], - "CVE": [ - "CVE-2019-14862" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-qfmr-6qvh-49gm" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.909637Z", - "moduleName": "knockout", - "packageManager": "npm", - "packageName": "knockout", - "patches": [], - "publicationTime": "2018-03-01T15:59:48Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/knockout/knockout/issues/1244" - }, - { - "title": "GitHub PR", - "url": "https://github.com/knockout/knockout/pull/2345" - } - ], - "semver": { - "vulnerable": [ - "<3.5.0-beta" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": 
[ - "SNYK-JS-KNOCKOUT-10415" - ], - "creationTime": "2017-03-01T12:39:34.669000Z", - "credit": [ - "Steven Sanderson" - ], - "cvssScore": 5.4, - "disclosureTime": "2013-06-30T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:knockout:20130701", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-KNOCKOUT-10415" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T14:07:51.129645Z", - "moduleName": "knockout", - "packageManager": "npm", - "packageName": "knockout", - "patches": [], - "publicationTime": "2017-03-13T08:00:22.295000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/knockout/knockout/commit/0f6e3c9dcc7df4a1b8e8b7c4ec3d5b8c5eb4e4c2" - }, - { - "title": "GitHub PR", - "url": "https://github.com/knockout/knockout/pull/1022" - } - ], - "semver": { - "vulnerable": [ - ">=2.1.0-pre <3.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "lodash": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-08-21T12:52:58.443440Z", - "credit": [ - "awarau" - ], - "cvssScore": 7.3, - "disclosureTime": "2020-08-21T10:34:29Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.17.17" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-LODASH-608086", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-08-27T16:44:20.914177Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [], - "publicationTime": "2020-08-21T12:53:03Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/864701" - } - ], - "semver": { - "vulnerable": [ - "<4.17.17" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [], - "creationTime": "2020-07-24T12:05:01.916784Z", - "credit": [ - "reeser" - ], - "cvssScore": 9.8, - "disclosureTime": "2020-07-24T12:00:52Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.17.20" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-LODASH-590103", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-08-16T12:11:40.402299Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [], - "publicationTime": "2020-08-16T13:09:06Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/lodash/lodash/issues/4874" - } - ], - "semver": { - "vulnerable": [ - "<4.17.20" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C", - "alternativeIds": [], - "creationTime": "2020-04-28T14:32:13.683154Z", - "credit": [ - "posix" - ], - "cvssScore": 6.3, - "disclosureTime": "2020-04-27T22:14:18Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.17.16" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-LODASH-567746", - "identifiers": { - "CVE": [ - "CVE-2020-8203" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-p6mc-m468-83gw" - ], - "NSP": [ - 1523 - ] - }, - "language": "js", - "modificationTime": "2020-07-09T08:34:04.944267Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [ - { - "comments": [], - "id": "patch:SNYK-JS-LODASH-567746:0", - "modificationTime": "2020-04-30T14:28:46.729327Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/lodash/20200430/lodash_0_0_20200430_6baae67d501e4c45021280876d42efe351e77551.patch" - ], - "version": ">=4.14.2" - } - ], - "publicationTime": "2020-04-28T14:59:14Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/lodash/lodash/pull/4759" - 
}, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/712065" - } - ], - "semver": { - "vulnerable": [ - "<4.17.16" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-06-19T12:04:21.040000Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 7.3, - "disclosureTime": "2019-06-19T11:45:02Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.17.12" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.customDefaultsMerge" - }, - "version": [ - ">=4.17.3 <4.17.12" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.customDefaultsMerge" - }, - "version": [ - ">=4.17.3 <4.17.12" - ] - } - ], - "id": "SNYK-JS-LODASH-450202", - "identifiers": { - "CVE": [ - "CVE-2019-10744" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1065 - ] - }, - "language": "js", - "modificationTime": "2020-08-24T08:59:58.227467Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [ - { - "comments": [], - "id": "patch:SNYK-JS-LODASH-450202:0", - "modificationTime": "2019-12-03T11:40:45.719849Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/lodash/20190702/lodash_20190702_0_0_1f8ea07746963a535385a5befc19fa687a627d2b.patch" - ], - "version": "=4.17.11" - } - ], - "publicationTime": "2019-07-02T11:45:01Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/lodash/lodash/issues/4348" - }, - { - "title": "GitHub PR", - "url": "https://github.com/lodash/lodash/pull/4336" - }, - { - "title": "GitHub PR", - "url": "https://github.com/lodash/lodash/pull/4355" - }, - { - "title": "GitHub PR", - "url": "https://github.com/sailshq/lodash/pull/1" - }, - { - "title": "Node Security Advisory", - "url": 
"https://www.npmjs.com/advisories/1065" - }, - { - "title": "Snyk Blog", - "url": "https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/" - } - ], - "semver": { - "vulnerable": [ - "<4.17.12" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2019-02-03T09:18:05.060741Z", - "credit": [ - "cristianstaicu" - ], - "cvssScore": 4.4, - "disclosureTime": "2017-09-05T09:14:29Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.17.11" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "hasUnicodeWord" - }, - "version": [ - ">=4.15.0 <4.17.11" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lodash.js", - "functionName": "hasUnicodeWord" - }, - "version": [ - ">=4.15.0 <4.17.11" - ] - } - ], - "id": "SNYK-JS-LODASH-73639", - "identifiers": { - "CVE": [ - "CVE-2019-1010266" - ], - "CWE": [ - "CWE-185" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:57.941198Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [], - "publicationTime": "2019-04-05T09:14:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/lodash/lodash/issues/3359" - }, - { - "title": "GitHub PR", - "url": "https://github.com/lodash/lodash/pull/4450" - } - ], - "semver": { - "vulnerable": [ - "<4.17.11" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-02-03T09:06:37.726000Z", - "credit": [ - "asgerf" - ], - "cvssScore": 7.3, - "disclosureTime": 
"2018-08-31T18:21:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.17.11" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "merge" - }, - "version": [ - ">=0.9.0 <1.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "dist/lodash.js", - "functionName": "merge" - }, - "version": [ - ">=1.0.0 <1.0.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "dist/lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=1.1.0 <2.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=2.0.0 <3.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "runInContext.baseMerge" - }, - "version": [ - ">=3.0.0 <4.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=3.0.0 <4.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.mergeDefaults" - }, - "version": [ - ">=4.0.0 <4.17.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.assignMergeValue" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.baseMerge" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "safeGet" - }, - "version": [ - ">=4.17.5 <4.17.11" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lodash.js", - "functionName": "merge" - }, - "version": [ - ">=0.9.0 <1.0.0" - ] - }, - 
{ - "functionId": { - "filePath": "dist/lodash.js", - "functionName": "merge" - }, - "version": [ - ">=1.0.0 <1.0.3" - ] - }, - { - "functionId": { - "filePath": "dist/lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=1.1.0 <2.0.0" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=2.0.0 <3.0.0" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "runInContext.baseMerge" - }, - "version": [ - ">=3.0.0 <4.0.0" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=3.0.0 <4.0.0" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.mergeDefaults" - }, - "version": [ - ">=4.0.0 <4.17.3" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.assignMergeValue" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.baseMerge" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "safeGet" - }, - "version": [ - ">=4.17.5 <4.17.11" - ] - } - ], - "id": "SNYK-JS-LODASH-73638", - "identifiers": { - "CVE": [ - "CVE-2018-16487" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-4xc9-xhrj-v574" - ], - "NSP": [ - 1066, - 1068, - 1071, - 782 - ] - }, - "language": "js", - "modificationTime": "2020-08-24T08:59:09.185738Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [], - "publicationTime": "2019-02-01T18:21:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/lodash/lodash/pull/4337" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/380873" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1066" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1068" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1071" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/782" - } - ], - "semver": { - "vulnerable": [ - "<4.17.11" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-LODASH-174180" - ], - "creationTime": "2018-02-12T22:28:27.654000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 6.3, - "disclosureTime": "2018-01-30T22:28:27Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.17.5" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "dist/lodash.js", - "functionName": "merge" - }, - "version": [ - ">= 1.0.0 <1.0.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "merge" - }, - "version": [ - ">=0.9.0 <1.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "dist/lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=1.1.0 <2.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=2.0.0 <3.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=3.0.0 <4.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - "functionName": "runInContext.baseMerge" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lodash.js", - 
"functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "dist/lodash.js", - "functionName": "merge" - }, - "version": [ - ">= 1.0.0 <1.0.3" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "merge" - }, - "version": [ - ">=0.9.0 <1.0.0" - ] - }, - { - "functionId": { - "filePath": "dist/lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=1.1.0 <2.0.0" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.merge" - }, - "version": [ - ">=2.0.0 <3.0.0" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=3.0.0 <4.0.0" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.baseMerge" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - }, - { - "functionId": { - "filePath": "lodash.js", - "functionName": "runInContext.baseMergeDeep" - }, - "version": [ - ">=4.0.0 <4.17.5" - ] - } - ], - "id": "npm:lodash:20180130", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-LODASH-174180" - ], - "CVE": [ - "CVE-2018-3721" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1067, - 1069, - 1070, - 577 - ] - }, - "language": "js", - "modificationTime": "2020-08-25T09:41:03.189638Z", - "moduleName": "lodash", - "packageManager": "npm", - "packageName": "lodash", - "patches": [ - { - "comments": [], - "id": "patch:npm:lodash:20180130:0", - "modificationTime": "2019-12-03T11:40:45.883000Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/lodash/20180130/20180130_0_0_lodash_d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a.patch" - ], - "version": "=3.10.1" - } - ], - "publicationTime": "2018-02-14T13:22:50Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/lodash/lodash/pull/4337" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/310443" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1067" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1069" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/1070" - } - ], - "semver": { - "vulnerable": [ - "<4.17.5" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - } - ], - "mapbox.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MAPBOXJS-10077" - ], - "creationTime": "2016-01-14T09:03:36.375000Z", - "credit": [ - "Abdullah (enderun07)" - ], - "cvssScore": 3.1, - "disclosureTime": "2016-01-12T23:35:56.853000Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.6", - "2.2.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:mapbox.js:20160112", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MAPBOXJS-10077" - ], - "CVE": [ - "CVE-2017-1000043" - ], - "CWE": [ - "CWE-74" - ], - "NSP": [ - 74 - ] - }, - "language": "js", - "modificationTime": "2020-04-06T16:45:15.852164Z", - "moduleName": "mapbox.js", - "packageManager": "npm", - "packageName": "mapbox.js", - "patches": [], - "publicationTime": "2016-01-14T09:03:36.375000Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/mapbox/mapbox.js/pull/1102" - }, - { - "title": "Hackerone", - "url": "https://hackerone.com/reports/99245" - } - ], - "semver": { - "vulnerable": [ - "<1.6.6", - "< 2.2.4 > 2.0.0" - ] - }, - "severity": "low", - "title": "Content Injection via TileJSON Name" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MAPBOXJS-10061" - ], - "creationTime": "2015-11-06T02:09:36.186000Z", - "credit": [ - "Juan Broullón" - ], - "cvssScore": 3.1, - "disclosureTime": "2015-10-24T21:00:40Z", - "exploit": "Not 
Defined", - "fixedIn": [ - "1.6.5", - "2.1.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:mapbox.js:20151024", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MAPBOXJS-10061" - ], - "CVE": [ - "CVE-2017-1000042" - ], - "CWE": [ - "CWE-74" - ], - "GHSA": [ - "GHSA-qr28-7j6p-9hmv" - ], - "NSP": [ - 49 - ] - }, - "language": "js", - "modificationTime": "2020-08-05T08:51:38.657289Z", - "moduleName": "mapbox.js", - "packageManager": "npm", - "packageName": "mapbox.js", - "patches": [ - { - "comments": [ - "https://github.com/mapbox/mapbox.js/commit/538d229ab6767bb4c3f3969c417f9884189c1512.patch" - ], - "id": "patch:npm:mapbox.js:20151024:0", - "modificationTime": "2019-12-03T11:40:45.770885Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/mapbox.js/20151024/mapbox.js_20151024_0_0_538d229ab6767bb4c3f3969c417f9884189c1512.patch" - ], - "version": "=2.1.6" - } - ], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mapbox/mapbox.js/commit/538d229ab6767bb4c3f3969c417f9884189c1512" - }, - { - "title": "Hackerone", - "url": "https://hackerone.com/reports/54327a" - } - ], - "semver": { - "vulnerable": [ - "<1.6.5", - ">2.0.0 <2.1.7" - ] - }, - "severity": "low", - "title": "Content Injection via TileJSON attribute" - } - ], - "markdown-it": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:R", - "alternativeIds": [], - "creationTime": "2019-08-15T14:36:54.583523Z", - "credit": [ - "andersk" - ], - "cvssScore": 5.3, - "disclosureTime": "2019-08-14T03:00:26Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "10.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MARKDOWNIT-459438", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-10-09T16:37:38.402825Z", - "moduleName": "markdown-it", - "packageManager": "npm", - "packageName": "markdown-it", - "patches": [], - 
"publicationTime": "2019-10-09T14:37:09Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markdown-it/markdown-it/commit/07a62c6c751455da95a4ec9dfad2576b9dcd766a" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/markdown-it/markdown-it/issues/583" - } - ], - "semver": { - "vulnerable": [ - "<10.0.0" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MARKDOWNIT-10378" - ], - "creationTime": "2017-01-16T12:49:26.864000Z", - "credit": [ - "Alex Kocharin" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-07-01T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:markdown-it:20150702", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKDOWNIT-10378" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:41.839079Z", - "moduleName": "markdown-it", - "packageManager": "npm", - "packageName": "markdown-it", - "patches": [], - "publicationTime": "2017-02-13T12:49:26.864000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markdown-it/markdown-it/commit/019bbda5f5ee8b7d00f2633340aef3b0d000e3f1" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/markdown-it/markdown-it/issues/128" - } - ], - "semver": { - "vulnerable": [ - "<4.3.1 >=4.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MARKDOWNIT-10144" - ], - "creationTime": "2016-09-12T00:00:00.780000Z", - "credit": [ - "Vitaly Puzrin" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-03-31T00:00:00.780000Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.1.0" - ], - "functions": [], - "functions_new": [], - "id": 
"npm:markdown-it:20160912", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKDOWNIT-10144" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:34.333987Z", - "moduleName": "markdown-it", - "packageManager": "npm", - "packageName": "markdown-it", - "patches": [ - { - "comments": [], - "id": "patch:npm:markdown-it:20160912:0", - "modificationTime": "2019-12-03T11:40:45.846949Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/markdown-it/20160912/markdown-it_20160912_0_0_f76d3beb46abd121892a2e2e5c78376354c214e3.patch" - ], - "version": "4.0.3" - } - ], - "publicationTime": "2016-09-27T00:00:00Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md%23410--2015-03-31" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3" - }, - { - "title": "GitHub Comparison", - "url": "https://github.com/markdown-it/markdown-it/compare/4.0.3...4.1.0" - } - ], - "semver": { - "vulnerable": [ - "<4.1.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "marked": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:R", - "alternativeIds": [], - "creationTime": "2020-07-13T15:50:25.938503Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.9, - "disclosureTime": "2020-07-13T15:47:58Z", - "exploit": "Unproven", - "fixedIn": [ - "1.1.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MARKED-584281", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-07-27T15:44:10.510833Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2020-07-27T15:44:09.661335Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/markedjs/marked/commit/bd4f8c464befad2b304d51e33e89e567326e62e0" - } - ], - "semver": { - "vulnerable": [ - "<1.1.1" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS )" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [], - "creationTime": "2019-07-04T15:39:07.026548Z", - "credit": [ - "Nick Starke", - "Adam Cazzolla" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-04-16T15:34:35Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.4.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MARKED-451540", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:56.167484Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2019-07-04T15:34:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/commit/09afabf69c6d0c919c03443f47bdfe476566105d" - }, - { - "title": "GitHub PR", - "url": "https://github.com/markedjs/marked/pull/1224" - } - ], - "semver": { - "vulnerable": [ - "<0.4.0" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [], - "creationTime": "2019-07-02T10:01:14.757540Z", - "credit": [ - "Bart Grantham" - ], - "cvssScore": 5.3, - "disclosureTime": "2019-05-28T09:25:56Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.7.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MARKED-451341", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1076 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:41:06.018662Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2019-07-02T09:25:50Z", - "references": [ - { - "title": "GitHub 
Commit", - "url": "https://github.com/markedjs/marked/commit/0ee3aa988b3e846a1952813f9eeaa96c85b3d8f5" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/commit/47365c124e85f5dd7485e9e5418f76393b6c12b7" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/markedjs/marked/issues/1493" - }, - { - "title": "GitHub PR", - "url": "https://github.com/markedjs/marked/pull/1515" - }, - { - "title": "NPM Advisory", - "url": "https://www.npmjs.com/advisories/1076" - } - ], - "semver": { - "vulnerable": [ - ">=0.4.0 <0.7.0" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [], - "creationTime": "2019-04-07T06:53:01.452330Z", - "credit": [ - "Anders Kaseorg" - ], - "cvssScore": 5.3, - "disclosureTime": "2019-04-04T20:27:50Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.6.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MARKED-174116", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 812 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.625666Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2019-04-07T06:53:47Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/commit/00f1f7a23916ef27186d0904635aa3509af63d47" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/pull/1460/commits/be27472a8169dda7875330939f8115ab677cdc07" - }, - { - "title": "GitHub PR", - "url": "https://github.com/markedjs/marked/pull/1460" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/812" - } - ], - "semver": { - "vulnerable": [ - ">=0.1.3 <0.6.2" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2019-02-01T14:28:20.826354Z", - "credit": [ - "Vanessa219" - ], - "cvssScore": 4.4, - "disclosureTime": "2019-01-30T17:55:35Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.6.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MARKED-73637", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.916974Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2019-01-30T17:55:35Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/pull/1305/commits/9c976cda1ce80e45901290c51c57e40a7ea31266" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/pull/1408/commits/cc8a45288b59ca10a8fedaed9028072021be9999" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/markedjs/marked/issues/1405" - }, - { - "title": "GitHub PR", - "url": "https://github.com/markedjs/marked/pull/1408" - } - ], - "semver": { - "vulnerable": [ - ">=0.5.0 <0.6.1" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-MARKED-10990" - ], - "creationTime": "2018-02-27T15:06:27.571000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.5, - "disclosureTime": "2018-02-27T15:06:27Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.3.18" - ], - "functions": [], - "functions_new": [], - "id": "npm:marked:20180225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10990" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ], - "GHSA": [ - "GHSA-xf5p-87ch-gxw2" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.804831Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": 
"marked", - "patches": [], - "publicationTime": "2018-02-27T16:32:24Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/pull/1083/commits/b15e42b67cec9ded8505e9d68bb8741ad7a9590d" - }, - { - "title": "GitHub PR", - "url": "https://github.com/markedjs/marked/pull/1083" - } - ], - "semver": { - "vulnerable": [ - "<0.3.18" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MARKED-10850" - ], - "creationTime": "2017-12-04T00:00:00.780000Z", - "credit": [ - "Andrew Krasichkov" - ], - "cvssScore": 4.8, - "disclosureTime": "2017-08-15T00:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:marked:20170815-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10850" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-wjmf-58vc-xqjr" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.855775Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2017-12-25T15:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/pull/976/commits/cb72584c5d9d32ebfdbb99e35fb9b81af2b79686" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chjj/marked/issues/926" - }, - { - "title": "GitHub PR", - "url": "https://github.com/chjj/marked/pull/958" - } - ], - "semver": { - "vulnerable": [ - "<0.3.9" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-MARKED-10849" - ], - "creationTime": "2017-12-04T00:00:00.780000Z", - "credit": [ - "Andrew Krasichkov" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-08-15T00:00:00Z", - "exploit": "Not Defined", - 
"fixedIn": [ - "0.3.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:marked:20170815", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10849" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-8wp3-cp9v-44fm" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.990650Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2017-12-25T15:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/pull/976/commits/6d1901ff71abb83aa32ca9a5ce47471382ea42a9" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chjj/marked/issues/925" - }, - { - "title": "GitHub PR", - "url": "https://github.com/chjj/marked/pull/958" - } - ], - "semver": { - "vulnerable": [ - "<0.3.9" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-MARKED-10782" - ], - "creationTime": "2017-09-21T08:07:51.834000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-09-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.9" - ], - "functions": [], - "functions_new": [], - "id": "npm:marked:20170907", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10782" - ], - "CVE": [ - "CVE-2017-16114" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 531 - ] - }, - "language": "js", - "modificationTime": "2019-12-23T12:50:47.952681Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [ - { - "comments": [], - "id": "patch:npm:marked:20170907:0", - "modificationTime": "2019-12-03T11:40:45.876422Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20170907/marked_20170907_0_0_4afb8ce135a1e020e48f7084340333dd0c18229f.patch" - ], - "version": "<=0.3.6 >0.3.3" - } - ], - "publicationTime": 
"2017-09-21T08:07:51Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/chjj/marked/issues/937" - }, - { - "title": "GitHub PR", - "url": "https://github.com/chjj/marked/pull/958" - } - ], - "semver": { - "vulnerable": [ - "<0.3.9" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-MARKED-10377" - ], - "creationTime": "2017-01-12T00:00:00.780000Z", - "credit": [ - "Snyk Security Research Team" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-01-12T00:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.7" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "marked.js", - "functionName": "Renderer.prototype.link" - }, - "version": [ - "<0.3.7" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "marked.js", - "functionName": "Renderer.prototype.link" - }, - "version": [ - "<0.3.7" - ] - } - ], - "id": "npm:marked:20170112", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10377" - ], - "CVE": [ - "CVE-2017-1000427" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.828450Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [ - { - "comments": [], - "id": "patch:npm:marked:20170112:0", - "modificationTime": "2019-12-03T11:40:45.853095Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20170112/marked_20170112_0_0_cd2f6f5b7091154c5526e79b5f3bfb4d15995a51.patch" - ], - "version": "<=0.3.6 >0.3.3" - } - ], - "publicationTime": "2017-01-30T18:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/chjj/marked/commit/cd2f6f5b7091154c5526e79b5f3bfb4d15995a51" - } - ], - "semver": { - "vulnerable": [ - "<0.3.7" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-MARKED-10099" - ], - "creationTime": "2016-04-20T14:45:19.556000Z", - "credit": [ - "Matt Austin" - ], - "cvssScore": 8.8, - "disclosureTime": "2015-05-20T16:45:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.6" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/marked.js", - "functionName": "unescape" - }, - "version": [ - ">=0.3.1 <0.3.6" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/marked.js", - "functionName": "unescape" - }, - "version": [ - ">=0.3.1 <0.3.6" - ] - } - ], - "id": "npm:marked:20150520", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10099" - ], - "CVE": [ - "CVE-2016-10531" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 101 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.987227Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [ - { - "comments": [], - "id": "patch:npm:marked:20150520:0", - "modificationTime": "2019-12-03T11:40:45.823269Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20150520/marked_20150520_0_0_2cff85979be8e7a026a9aca35542c470cf5da523.patch" - ], - "version": "<=0.3.5 >0.3.3" - }, - { - "comments": [ - "includes 20140131-1" - ], - "id": "patch:npm:marked:20150520:1", - "modificationTime": "2019-12-03T11:40:45.824324Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20150520/marked_20150520_0_1_2cff85979be8e7a026a9aca35542c470cf5da523_20140131-1.patch" - ], - "version": "=0.3.3" - }, - { - "comments": [ - "includes 20140131-1, 20140131-2" - ], - "id": "patch:npm:marked:20150520:2", - "modificationTime": "2019-12-03T11:40:45.825356Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20150520/marked_20150520_0_2_2cff85979be8e7a026a9aca35542c470cf5da523_20140131-1-2.patch" - ], - "version": "<=0.3.2 >0.3.0" - } - ], - "publicationTime": 
"2016-04-20T14:45:19Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523" - }, - { - "title": "GitHub PR", - "url": "https://github.com/chjj/marked/pull/592" - } - ], - "semver": { - "vulnerable": [ - ">=0.3.1 <0.3.6" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MARKED-10010" - ], - "creationTime": "2014-01-30T22:33:12Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-01-30T22:33:12Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:marked:20140131", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10010" - ], - "CVE": [ - "CVE-2014-1850", - "CVE-2014-3743" - ], - "CWE": [ - "CWE-74" - ], - "NSP": [ - 22 - ] - }, - "language": "js", - "modificationTime": "2018-11-20T10:10:11.005775Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [], - "publicationTime": "2014-01-30T22:33:12Z", - "references": [], - "semver": { - "vulnerable": [ - "<=0.3.0" - ] - }, - "severity": "medium", - "title": "Multiple Content Injection Vulnerabilities" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-MARKED-10009" - ], - "creationTime": "2014-01-30T22:33:12Z", - "credit": [ - "Barış Soner Uşaklı" - ], - "cvssScore": 7.5, - "disclosureTime": "2014-01-30T22:33:12Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:marked:20140131-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10009" - ], - "CVE": [ - "CVE-2015-8854" - ], - "CWE": [ - "CWE-185", - "CWE-730" - ], - "NSP": [ - 23 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:29.145044Z", - "moduleName": "marked", - "packageManager": 
"npm", - "packageName": "marked", - "patches": [ - { - "comments": [ - "https://github.com/chjj/marked/commit/a37bd643f05bf95ff18cafa2b06e7d741d2e2157.patch" - ], - "id": "patch:npm:marked:20140131-1:0", - "modificationTime": "2019-12-03T11:40:45.735562Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20140131-1/marked_20140131-1_0_0_a37bd643f05bf95ff18cafa2b06e7d741d2e2157.patch" - ], - "version": "<=0.3.3 >=0.2.8" - } - ], - "publicationTime": "2014-01-30T22:33:12Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/chjj/marked/commit/a37bd643f05bf95ff18cafa2b06e7d741d2e2157" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chjj/marked/issues/497" - } - ], - "semver": { - "vulnerable": [ - "<0.3.4" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MARKED-10008" - ], - "creationTime": "2014-01-30T22:33:12Z", - "credit": [ - "Xiao Long" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-01-30T22:33:12Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:marked:20140131-2", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MARKED-10008" - ], - "CVE": [ - "CVE-2015-1370" - ], - "CWE": [ - "CWE-74" - ], - "GHSA": [ - "GHSA-cfjh-p3g4-3q2f" - ], - "NSP": [ - 24 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.331380Z", - "moduleName": "marked", - "packageManager": "npm", - "packageName": "marked", - "patches": [ - { - "comments": [ - "https://github.com/chjj/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba.patch" - ], - "id": "patch:npm:marked:20140131-2:0", - "modificationTime": "2019-12-03T11:40:45.734428Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/marked/20140131-2/marked_20140131-2_0_0_3c191144939107c45a7fa11ab6cb88be6694a1ba.patch" - ], - "version": "<=0.3.2 
>=0.3.1" - } - ], - "publicationTime": "2014-01-30T22:33:12Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/markedjs/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chjj/marked/issues/492" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/markedjs/marked/issues/492" - } - ], - "semver": { - "vulnerable": [ - "<0.3.3" - ] - }, - "severity": "medium", - "title": "VBScript Content Injection" - } - ], - "mathjs": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MATHJS-10882" - ], - "creationTime": "2018-01-28T14:01:09.995000Z", - "credit": [ - "Konrad Borowski", - "Joe Vennix", - "comex" - ], - "cvssScore": 5.6, - "disclosureTime": "2017-04-02T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.11.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:mathjs:20170402", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MATHJS-10882" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:09:57.458673Z", - "moduleName": "mathjs", - "packageManager": "npm", - "packageName": "mathjs", - "patches": [], - "publicationTime": "2018-01-28T14:01:09.995000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md%232017-04-08-version-3115" - }, - { - "title": "GitHub Comparison", - "url": "https://github.com/josdejong/mathjs/compare/v3.10.3...v3.11.5" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/josdejong/mathjs/issues/821" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/josdejong/mathjs/issues/822" - } - ], - "semver": { - "vulnerable": [ - "<3.11.5" - ] - }, - "severity": "medium", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MATHJS-10881" - ], - 
"creationTime": "2018-01-28T13:00:18.453000Z", - "credit": [ - "CapacitorSet", - "denvit" - ], - "cvssScore": 7.3, - "disclosureTime": "2017-03-31T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.10.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:mathjs:20170331", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MATHJS-10881" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:09:56.746684Z", - "moduleName": "mathjs", - "packageManager": "npm", - "packageName": "mathjs", - "patches": [], - "publicationTime": "2018-01-28T13:00:18.453000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/josdejong/mathjs/blob/v3.11.5/HISTORY.md%232017-03-31-version-3103" - }, - { - "title": "GitHub Comparison", - "url": "https://github.com/josdejong/mathjs/compare/v3.10.1...v3.10.3" - } - ], - "semver": { - "vulnerable": [ - "<3.10.3" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MATHJS-10880" - ], - "creationTime": "2018-01-28T11:12:08.713000Z", - "credit": [ - "Jos De Jong" - ], - "cvssScore": 5.6, - "disclosureTime": "2017-05-27T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.13.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:mathjs:20170527", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MATHJS-10880" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:09:56.028578Z", - "moduleName": "mathjs", - "packageManager": "npm", - "packageName": "mathjs", - "patches": [], - "publicationTime": "2018-01-28T11:12:08.713000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md%232017-05-27-version-3133" - }, - { - "title": "GitHub Commit", - "url": 
"https://github.com/josdejong/mathjs/commit/ed5f2cebaf873ba1e57acbce2a3668686ac69331" - } - ], - "semver": { - "vulnerable": [ - "<3.13.3" - ] - }, - "severity": "medium", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-MATHJS-10844" - ], - "creationTime": "2017-11-28T12:38:08.861000Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 9.8, - "disclosureTime": "2017-11-18T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.17.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:mathjs:20171118-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MATHJS-10844" - ], - "CVE": [ - "CVE-2017-1001003" - ], - "CWE": [ - "CWE-94" - ], - "NSP": [ - 551 - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:09:42.422875Z", - "moduleName": "mathjs", - "packageManager": "npm", - "packageName": "mathjs", - "patches": [], - "publicationTime": "2017-11-28T14:47:22.264000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md%232017-11-18-version-3170" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761" - } - ], - "semver": { - "vulnerable": [ - "<3.17.0" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MATHJS-10843" - ], - "creationTime": "2017-11-28T12:38:08.861000Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 7.3, - "disclosureTime": "2017-11-18T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.17.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:mathjs:20171118", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MATHJS-10843" - ], - "CVE": [ - "CVE-2017-1001002" - ], - "CWE": [ - "CWE-94" - ], - "NSP": [ - 552 - ] - }, - "language": "js", - 
"modificationTime": "2019-05-30T14:51:40.369099Z", - "moduleName": "mathjs", - "packageManager": "npm", - "packageName": "mathjs", - "patches": [], - "publicationTime": "2017-11-28T14:47:22.368000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/josdejong/mathjs/blob/master/HISTORY.md%232017-11-18-version-3170" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/josdejong/mathjs/commit/8d2d48d81b3c233fb64eb2ec1d7a9e1cf6a55a90" - } - ], - "semver": { - "vulnerable": [ - "<3.17.0" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - } - ], - "mediaelement": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MEDIAELEMENT-10443" - ], - "creationTime": "2017-03-20T09:57:11.810000Z", - "credit": [ - "Rafael Miranda" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-02-07T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.1.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:mediaelement:20170208", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MEDIAELEMENT-10443" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T12:52:42.192906Z", - "moduleName": "mediaelement", - "packageManager": "npm", - "packageName": "mediaelement", - "patches": [], - "publicationTime": "2017-05-08T12:34:45.969000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/johndyer/mediaelement/commit/fd88ce0e2fab8e02f8ab8e00a0b2bfc5769966cf" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.1.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MEDIAELEMENT-10442" - ], - "creationTime": "2017-03-20T09:50:23.195000Z", - "credit": [ - "John Dyer" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-05-03T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - 
"2.21.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:mediaelement:20160504", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MEDIAELEMENT-10442" - ], - "CVE": [ - "CVE-2016-4567" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.858560Z", - "moduleName": "mediaelement", - "packageManager": "npm", - "packageName": "mediaelement", - "patches": [], - "publicationTime": "2017-05-08T12:34:45Z", - "references": [ - { - "title": "Contao Release Note", - "url": "https://contao.org/en/news/contao-3_5_15.html" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/contao/core/commit/4d42a56531c82598436d5102fac94721ea99ad49" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/johndyer/mediaelement/commit/24c6ad056d3f43a78a011ec145f1f099f2a1cdbf" - }, - { - "title": "Oss-Sec Mailing List", - "url": "http://seclists.org/oss-sec/2016/q2/275" - } - ], - "semver": { - "vulnerable": [ - ">=2.17.0 <2.21.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "merge": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L/E:F/RL:U/RC:C", - "alternativeIds": [], - "creationTime": "2018-11-01T15:15:55.524108Z", - "credit": [ - "asgerf" - ], - "cvssScore": 2.0, - "disclosureTime": "2018-09-28T08:40:08Z", - "exploit": "Functional", - "fixedIn": [ - "1.2.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "merge.js", - "functionName": "merge" - }, - "version": [ - ">1.0.0 <1.2.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "merge.js", - "functionName": "merge" - }, - "version": [ - ">1.0.0 <1.2.1" - ] - } - ], - "id": "SNYK-JS-MERGE-72553", - "identifiers": { - "CVE": [ - "CVE-2018-16469" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 722 - ] - }, - "language": "js", - "modificationTime": "2019-03-05T12:12:48.517944Z", - "moduleName": "merge", - "packageManager": "npm", - "packageName": "merge", - 
"patches": [], - "publicationTime": "2018-11-04T16:03:42Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/yeikos/js.merge/commit/6ad6035b901b3d680beac82de39ca83a93885246" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/381194" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/722" - } - ], - "semver": { - "vulnerable": [ - "<1.2.1" - ] - }, - "severity": "low", - "title": "Prototype Pollution" - } - ], - "merge-deep": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MERGEDEEP-12068" - ], - "creationTime": "2018-02-15T08:29:23.792000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 6.3, - "disclosureTime": "2018-02-15T08:29:23Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:merge-deep:20180215", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MERGEDEEP-12068" - ], - "CVE": [ - "CVE-2018-3722" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 580 - ] - }, - "language": "js", - "modificationTime": "2019-04-14T11:26:41.296039Z", - "moduleName": "merge-deep", - "packageManager": "npm", - "packageName": "merge-deep", - "patches": [], - "publicationTime": "2018-02-16T08:29:23Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/310708" - } - ], - "semver": { - "vulnerable": [ - "<3.0.1" - ] - }, - "severity": "medium", - "title": "Prototype Pollution" - } - ], - "merge-objects": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MERGEOBJECTS-12121" - ], - "creationTime": "2018-04-15T20:11:17.564000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-04-15T20:11:17Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:merge-objects:20180415", - "identifiers": 
{ - "ALTERNATIVE": [ - "SNYK-JS-MERGEOBJECTS-12121" - ], - "CVE": [ - "CVE-2018-3753" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-992f-wf4w-x36v" - ], - "NSP": [ - 716 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.577037Z", - "moduleName": "merge-objects", - "packageManager": "npm", - "packageName": "merge-objects", - "patches": [], - "publicationTime": "2018-04-17T07:45:49Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/310706" - } - ], - "semver": { - "vulnerable": [ - "<=1.0.5" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - } - ], - "merge-options": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MERGEOPTIONS-12124" - ], - "creationTime": "2018-04-15T20:11:17.575000Z", - "credit": [ - "Olivier Arteau" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-04-15T20:11:17Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:merge-options:20180415", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MERGEOPTIONS-12124" - ], - "CVE": [ - "CVE-2018-3752" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 717 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.568964Z", - "moduleName": "merge-options", - "packageManager": "npm", - "packageName": "merge-options", - "patches": [], - "publicationTime": "2018-04-17T07:45:49Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/schnittstabil/merge-options/commit/d4a93bc2890455e0931ac0779667023e6cb101d4" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/311336" - } - ], - "semver": { - "vulnerable": [ - "<1.0.1" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - } - ], - "merge-recursive": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MERGERECURSIVE-12123" - ], - "creationTime": 
"2018-04-15T20:11:17.573000Z", - "credit": [ - "Olivier Arteau" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-04-15T20:11:17Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:merge-recursive:20180415", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MERGERECURSIVE-12123" - ], - "CVE": [ - "CVE-2018-3751" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 715 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:41.574473Z", - "moduleName": "merge-recursive", - "packageManager": "npm", - "packageName": "merge-recursive", - "patches": [], - "publicationTime": "2018-04-17T07:45:49Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/311337" - } - ], - "semver": { - "vulnerable": [ - "<=0.0.3" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - } - ], - "mergely": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MERGELY-12214" - ], - "creationTime": "2018-02-05T17:51:11.425000Z", - "credit": [ - "Clement Notin" - ], - "cvssScore": 4.8, - "disclosureTime": "2018-06-23T17:51:11Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.0.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:mergely:20180623", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MERGELY-12214" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T15:37:11.439364Z", - "moduleName": "mergely", - "packageManager": "npm", - "packageName": "mergely", - "patches": [], - "publicationTime": "2018-08-27T11:49:16Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/wickedest/Mergely/commit/217674cd078ea6d7d3cb6694e4f272d76daf3a75" - }, - { - "title": "GitHub Release", - "url": "https://github.com/wickedest/Mergely/releases/tag/4.0.5" - } - ], - "semver": { - "vulnerable": [ - "<4.0.5" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting 
(XSS)" - } - ], - "millisecond": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-MILLISECOND-10065" - ], - "creationTime": "2015-11-25T12:00:05.158000Z", - "credit": [ - "Luigi Pinca" - ], - "cvssScore": 5.3, - "disclosureTime": "2015-11-20T18:52:47.394000Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.1.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:millisecond:20151120", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MILLISECOND-10065" - ], - "CVE": [ - "CVE-2015-8315" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 59 - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:13:00.597572Z", - "moduleName": "millisecond", - "packageManager": "npm", - "packageName": "millisecond", - "patches": [ - { - "comments": [], - "id": "patch:npm:millisecond:20151120:0", - "modificationTime": "2019-12-03T11:40:45.778606Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/millisecond/20151120/millisecond_20151120_0_0_d3e03f8cd2089806b522e867505e14444fbac838.patch" - ], - "version": "=0.1.1" - } - ], - "publicationTime": "2015-11-25T12:00:05.158000Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/unshiftio/millisecond/pull/4" - }, - { - "title": "WWW.OWASP.ORG", - "url": "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS" - } - ], - "semver": { - "vulnerable": [ - "<0.1.2" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "mimer": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-MIMER-10894" - ], - "creationTime": "2018-02-15T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-02-10T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.3.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:mimer:20180210", - "identifiers": { - "ALTERNATIVE": [ - 
"SNYK-JS-MIMER-10894" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.690725Z", - "moduleName": "mimer", - "packageManager": "npm", - "packageName": "mimer", - "patches": [], - "publicationTime": "2018-02-15T19:52:28.603000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/data-uri/mimer/commit/50ba6424f68543ccda61652b1e12e64fb87e33c2" - }, - { - "title": "GitHub Release", - "url": "https://github.com/data-uri/mimer/releases/tag/v0.3.0" - } - ], - "semver": { - "vulnerable": [ - "<0.3.0" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "mixin-deep": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2019-06-20T09:34:56.241544Z", - "credit": [ - "Snyk Security Team" - ], - "cvssScore": 7.3, - "disclosureTime": "2019-06-19T09:34:10Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.0.1", - "1.3.2" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "module.exports.copy" - }, - "version": [ - "<1.1.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "copy" - }, - "version": [ - ">=1.1.1 <2.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "mixinDeep" - }, - "version": [ - ">=2.0.0 <2.0.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "module.exports.copy" - }, - "version": [ - "<1.1.1" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "copy" - }, - "version": [ - ">=1.1.1 <2.0.0" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "mixinDeep" - }, - "version": [ - ">=2.0.0 <2.0.1" - ] - } - ], - "id": "SNYK-JS-MIXINDEEP-450212", - "identifiers": { - "CVE": [ - "CVE-2019-10746" - 
], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 1013 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:00.759386Z", - "moduleName": "mixin-deep", - "packageManager": "npm", - "packageName": "mixin-deep", - "patches": [], - "publicationTime": "2019-06-20T09:34:08Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9" - } - ], - "semver": { - "vulnerable": [ - ">=2.0.0 <2.0.1", - "<1.3.2" - ] - }, - "severity": "high", - "title": "Prototype Pollution" - }, - { - "CVSSv3": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-MIXINDEEP-12067" - ], - "creationTime": "2018-02-15T08:29:23.775000Z", - "credit": [ - "Olivier Arteau (HoLyVieR)" - ], - "cvssScore": 1.8, - "disclosureTime": "2018-02-15T08:29:23Z", - "exploit": "Functional", - "fixedIn": [ - "1.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:mixin-deep:20180215", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MIXINDEEP-12067" - ], - "CVE": [ - "CVE-2018-3719" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 578 - ] - }, - "language": "js", - "modificationTime": "2019-04-14T11:27:50.379598Z", - "moduleName": "mixin-deep", - "packageManager": "npm", - "packageName": "mixin-deep", - "patches": [], - "publicationTime": "2018-02-16T08:29:23Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/311236" - } - ], - "semver": { - "vulnerable": [ - "<1.3.1" - ] - }, - "severity": "low", - "title": "Prototype Pollution" - } - ], - "mobile-detect": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-MOBILEDETECT-10846" - ], - "creationTime": "2017-12-10T10:02:45.497000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-09-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.0" - ], - "functions": [], - 
"functions_new": [], - "id": "npm:mobile-detect:20170907", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MOBILEDETECT-10846" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T15:38:17.451341Z", - "moduleName": "mobile-detect", - "packageManager": "npm", - "packageName": "mobile-detect", - "patches": [], - "publicationTime": "2017-12-10T06:02:45Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/hgoebl/mobile-detect.js/commit/7222f6e75cf8cd90e1dc53e445716203eaf79d8a" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/hgoebl/mobile-detect.js/issues/67" - } - ], - "semver": { - "vulnerable": [ - "<1.4.0" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "moddle-xml": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-MODDLEXML-10912" - ], - "creationTime": "2018-02-20T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-21T16:19:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.1.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:moddle-xml:20180222", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MODDLEXML-10912" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.654958Z", - "moduleName": "moddle-xml", - "packageManager": "npm", - "packageName": "moddle-xml", - "patches": [], - "publicationTime": "2018-02-22T15:42:01.923000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/bpmn-io/moddle-xml/commit/e2b5ba0a79b16af48a4ec9fa8b605ea4e0111c17" - } - ], - "semver": { - "vulnerable": [ - "<4.1.3" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "mol-proto": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": 
[ - "SNYK-JS-MOLPROTO-11081" - ], - "creationTime": "2018-04-04T10:47:16.639000Z", - "credit": [ - "Cristian-Alexandru Staicu", - "Michael Pradel", - "Ben Livshits" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-04-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:mol-proto:20160407", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MOLPROTO-11081" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:30.133184Z", - "moduleName": "mol-proto", - "packageManager": "npm", - "packageName": "mol-proto", - "patches": [], - "publicationTime": "2018-04-08T12:56:16.556000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/milojs/proto/pull/2/commits/10adbec293e7dfdb2e9e565bfd77187cf0373cbe" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/milojs/proto/issues/1" - }, - { - "title": "GitHub PR", - "url": "https://github.com/milojs/proto/pull/2" - }, - { - "title": "Research Paper - Understanding and Automatically Preventing Injection Attacks on Node.js", - "url": "http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_07A-2_Staicu_paper.pdf" - } - ], - "semver": { - "vulnerable": [ - "<1.0.6" - ] - }, - "severity": "medium", - "title": "Arbitrary Code Injection" - } - ], - "moment": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-MOMENT-10841" - ], - "creationTime": "2017-09-13T07:55:05.106000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 3.7, - "disclosureTime": "2017-09-05T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.19.3" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "moment.js", - "functionName": "monthsRegex" - }, - "version": [ - "<2.19.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "moment.js", - "functionName": 
"monthsShortRegex" - }, - "version": [ - "<2.19.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "moment.js", - "functionName": "weekdaysMinRegex" - }, - "version": [ - ">=2.13.0 <2.19.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "moment.js", - "functionName": "weekdaysRegex" - }, - "version": [ - ">=2.13.0 <2.19.3" - ] - }, - { - "functionId": { - "className": null, - "filePath": "moment.js", - "functionName": "weekdaysShortRegex" - }, - "version": [ - ">=2.13.0 <2.19.3" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "moment.js", - "functionName": "monthsRegex" - }, - "version": [ - "<2.19.3" - ] - }, - { - "functionId": { - "filePath": "moment.js", - "functionName": "monthsShortRegex" - }, - "version": [ - "<2.19.3" - ] - }, - { - "functionId": { - "filePath": "moment.js", - "functionName": "weekdaysMinRegex" - }, - "version": [ - ">=2.13.0 <2.19.3" - ] - }, - { - "functionId": { - "filePath": "moment.js", - "functionName": "weekdaysRegex" - }, - "version": [ - ">=2.13.0 <2.19.3" - ] - }, - { - "functionId": { - "filePath": "moment.js", - "functionName": "weekdaysShortRegex" - }, - "version": [ - ">=2.13.0 <2.19.3" - ] - } - ], - "id": "npm:moment:20170905", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MOMENT-10841" - ], - "CVE": [ - "CVE-2017-18214" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 532 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:45.510184Z", - "moduleName": "moment", - "packageManager": "npm", - "packageName": "moment", - "patches": [ - { - "comments": [], - "id": "patch:npm:moment:20170905:0", - "modificationTime": "2019-12-03T11:40:45.878422Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20170905/moment_0_0_69ed9d44957fa6ab12b73d2ae29d286a857b80eb.patch" - ], - "version": "<2.19.3 >=2.16.0" - } - ], - "publicationTime": "2017-11-28T14:47:22Z", - "references": [ - { - "title": "GitHub Issue", - "url": 
"https://github.com/moment/moment/issues/4163" - }, - { - "title": "GitHub PR", - "url": "https://github.com/moment/moment/pull/4326" - } - ], - "semver": { - "vulnerable": [ - "<2.19.3" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-MOMENT-10164" - ], - "creationTime": "2016-10-23T06:57:59.675000Z", - "credit": [ - "Snyk Security Research Team" - ], - "cvssScore": 5.9, - "disclosureTime": "2016-10-18T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.15.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:moment:20161019", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MOMENT-10164" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.808353Z", - "moduleName": "moment", - "packageManager": "npm", - "packageName": "moment", - "patches": [ - { - "comments": [], - "id": "patch:npm:moment:20161019:0", - "modificationTime": "2019-12-03T11:40:45.848228Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20161019/moment_20161019_0_1.patch" - ], - "version": "<2.15.2 >=2.14.0" - }, - { - "comments": [], - "id": "patch:npm:moment:20161019:1", - "modificationTime": "2019-12-03T11:40:45.849308Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20161019/moment_20161019_0_0.patch" - ], - "version": "<2.14.0 >=2.12.0" - } - ], - "publicationTime": "2016-10-24T06:57:59Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/moment/moment/commit/663f33e333212b3800b63592cd8e237ac8fabdb9" - }, - { - "title": "Proof of concept", - "url": "https://gist.github.com/grnd/50192ce22681848a7de812d95241b7fc" - } - ], - "semver": { - "vulnerable": [ - "<2.15.2" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-MOMENT-10084" - ], - "creationTime": "2016-02-01T19:00:03.862000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 5.3, - "disclosureTime": "2016-01-26T20:04:21Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.11.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:moment:20160126", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MOMENT-10084" - ], - "CVE": [ - "CVE-2016-4055" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 55 - ] - }, - "language": "js", - "modificationTime": "2019-04-26T23:34:49.979996Z", - "moduleName": "moment", - "packageManager": "npm", - "packageName": "moment", - "patches": [ - { - "comments": [], - "id": "patch:npm:moment:20160126:0", - "modificationTime": "2019-12-03T11:40:45.800167Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20160126/moment_20160126_0_0_34af63b8b21208a949dfaf42d228502c73d20ec0.patch" - ], - "version": "<=2.11.1 >2.10.6" - }, - { - "comments": [], - "id": "patch:npm:moment:20160126:1", - "modificationTime": "2019-12-03T11:40:45.801226Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20160126/moment_20160126_0_1_34af63b8b21208a949dfaf42d228502c73d20ec0.patch" - ], - "version": "<=2.10.6 >2.9.0" - }, - { - "comments": [], - "id": "patch:npm:moment:20160126:2", - "modificationTime": "2019-12-03T11:40:45.802270Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20160126/moment_20160126_0_2_34af63b8b21208a949dfaf42d228502c73d20ec0.patch" - ], - "version": "<=2.9.0 >2.2.1" - }, - { - "comments": [], - "id": "patch:npm:moment:20160126:3", - "modificationTime": "2019-12-03T11:40:45.803327Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20160126/moment_20160126_0_3_34af63b8b21208a949dfaf42d228502c73d20ec0.patch" - ], - "version": "=2.2.1" - }, - { - "comments": [], - "id": "patch:npm:moment:20160126:4", - "modificationTime": "2019-12-03T11:40:45.804441Z", - 
"urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/moment/20160126/moment_20160126_0_4_34af63b8b21208a949dfaf42d228502c73d20ec0.patch" - ], - "version": "<2.2.1 >2.0.0" - } - ], - "publicationTime": "2016-02-01T19:00:03Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/moment/moment/commit/52a807b961ead925be11ff5e632c8f7325a9ce36" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/moment/moment/issues/2936" - }, - { - "title": "OWASP ReDoS", - "url": "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS" - } - ], - "semver": { - "vulnerable": [ - "<2.11.2" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "morris.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MORRISJS-10466" - ], - "creationTime": "2017-04-16T07:00:20.146000Z", - "credit": [ - "Jelte Fennema" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-07-17T07:00:20.146000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:morris.js:20140717", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MORRISJS-10466" - ], - "CVE": [ - "CVE-2017-16022" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 307 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.980093Z", - "moduleName": "morris.js", - "packageManager": "npm", - "packageName": "morris.js", - "patches": [], - "publicationTime": "2017-04-16T07:00:20.146000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/morrisjs/morris.js/commit/1c66cfc4ac7b23d324f131bec7739265887e30fc" - }, - { - "title": "GitHub PR", - "url": "https://github.com/morrisjs/morris.js/pull/464" - } - ], - "semver": { - "vulnerable": [ - "<=0.5.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "mqtt": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - 
"alternativeIds": [ - "SNYK-JS-MQTT-10851" - ], - "creationTime": "2018-01-01T11:22:02.425000Z", - "credit": [ - "Masataka Sakaguchi", - "Bintatsu Noda", - "Hisashi Kojima" - ], - "cvssScore": 4.3, - "disclosureTime": "2017-12-25T11:22:02.425000Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.15.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:mqtt:20171225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MQTT-10851" - ], - "CVE": [ - "CVE-2017-10910" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 555 - ] - }, - "language": "js", - "modificationTime": "2019-04-28T08:18:19.756775Z", - "moduleName": "mqtt", - "packageManager": "npm", - "packageName": "mqtt", - "patches": [], - "publicationTime": "2018-01-03T11:22:02.425000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923" - }, - { - "title": "GitHub PR", - "url": "https://github.com/mqttjs/MQTT.js/pull/738" - }, - { - "title": "GitHub Release", - "url": "https://github.com/mqttjs/MQTT.js/releases/tag/v2.15.0" - }, - { - "title": "JVN", - "url": "https://jvn.jp/en/jp/JVN45494523/index.html" - } - ], - "semver": { - "vulnerable": [ - ">=2.0.0 <2.15.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-MQTT-10130" - ], - "creationTime": "2016-08-17T15:13:32.563000Z", - "credit": [ - "Matteo Collina" - ], - "cvssScore": 7.5, - "disclosureTime": "2016-08-17T15:13:32Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:mqtt:20160817", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MQTT-10130" - ], - "CVE": [ - "CVE-2016-1000242" - ], - "CWE": [ - "CWE-248" - ], - "GHSA": [ - "GHSA-hg78-c92r-hvwr" - ], - "NSP": [ - 140 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:28.376080Z", - "moduleName": "mqtt", - 
"packageManager": "npm", - "packageName": "mqtt", - "patches": [], - "publicationTime": "2016-08-17T15:13:32Z", - "references": [ - { - "title": "GITHUB.COM", - "url": "https://github.com/mqttjs/MQTT.js/blob/388a084d7803934b18b43c1146c817deaa1396b1/lib/parse.js%23L230" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "high", - "title": "Denial of Service (DoS)" - } - ], - "ms": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-MS-10509" - ], - "creationTime": "2017-04-12T10:02:45.497000Z", - "credit": [ - "Snyk Security Research Team" - ], - "cvssScore": 3.7, - "disclosureTime": "2017-04-11T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "parse" - }, - "version": [ - ">=0.7.3 <2.0.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "parse" - }, - "version": [ - ">=0.7.3 <2.0.0" - ] - } - ], - "id": "npm:ms:20170412", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MS-10509" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.833759Z", - "moduleName": "ms", - "packageManager": "npm", - "packageName": "ms", - "patches": [ - { - "comments": [], - "id": "patch:npm:ms:20170412:0", - "modificationTime": "2019-12-03T11:40:45.863964Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_100.patch" - ], - "version": "=1.0.0" - }, - { - "comments": [], - "id": "patch:npm:ms:20170412:1", - "modificationTime": "2019-12-03T11:40:45.865081Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_072-073.patch" - ], - "version": "=0.7.2 || =0.7.3" - }, - { - "comments": [], - "id": "patch:npm:ms:20170412:2", - "modificationTime": "2019-12-03T11:40:45.866206Z", - "urls": [ - 
"https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_071.patch" - ], - "version": "=0.7.1" - } - ], - "publicationTime": "2017-05-15T06:02:45Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zeit/ms/pull/89/commits/305f2ddcd4eff7cc7c518aca6bb2b2d2daad8fef" - }, - { - "title": "GitHub PR", - "url": "https://github.com/zeit/ms/pull/89" - } - ], - "semver": { - "vulnerable": [ - ">=0.7.1 <2.0.0" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-MS-10064" - ], - "creationTime": "2015-11-06T02:09:36.187000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 5.3, - "disclosureTime": "2015-10-24T20:39:59Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.7.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "ms.js", - "functionName": "parse" - }, - "version": [ - ">0.1.0 <=0.3.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "parse" - }, - "version": [ - ">0.3.0 <0.7.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "ms.js", - "functionName": "parse" - }, - "version": [ - ">0.1.0 <=0.3.0" - ] - }, - { - "functionId": { - "filePath": "index.js", - "functionName": "parse" - }, - "version": [ - ">0.3.0 <0.7.1" - ] - } - ], - "id": "npm:ms:20151024", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MS-10064" - ], - "CVE": [ - "CVE-2015-8315" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 46 - ] - }, - "language": "js", - "modificationTime": "2019-05-23T07:46:17.408630Z", - "moduleName": "ms", - "packageManager": "npm", - "packageName": "ms", - "patches": [ - { - "comments": [], - "id": "patch:npm:ms:20151024:0", - "modificationTime": "2019-12-03T11:40:45.772009Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_0_0_48701f029417faf65e6f5e0b61a3cebe5436b07b.patch" - ], 
- "version": "=0.7.0" - }, - { - "comments": [], - "id": "patch:npm:ms:20151024:1", - "modificationTime": "2019-12-03T11:40:45.773094Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_1_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk.patch" - ], - "version": "<0.7.0 >=0.6.0" - }, - { - "comments": [], - "id": "patch:npm:ms:20151024:2", - "modificationTime": "2019-12-03T11:40:45.774221Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_2_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk2.patch" - ], - "version": "<0.6.0 >0.3.0" - }, - { - "comments": [], - "id": "patch:npm:ms:20151024:3", - "modificationTime": "2019-12-03T11:40:45.775292Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_3_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk3.patch" - ], - "version": "=0.3.0" - }, - { - "comments": [], - "id": "patch:npm:ms:20151024:4", - "modificationTime": "2019-12-03T11:40:45.776329Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_4_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk4.patch" - ], - "version": "=0.2.0" - }, - { - "comments": [], - "id": "patch:npm:ms:20151024:5", - "modificationTime": "2019-12-03T11:40:45.777474Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_5_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk5.patch" - ], - "version": "=0.1.0" - } - ], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "OSS security Advisory", - "url": "https://www.openwall.com/lists/oss-security/2016/04/20/11" - }, - { - "title": "OWASP - ReDoS", - "url": "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS" - }, - { - "title": "Security Focus", - "url": "https://www.securityfocus.com/bid/96389" - } - ], - "semver": { - "vulnerable": [ - "<0.7.1" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - 
"mustache": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MUSTACHE-10067" - ], - "creationTime": "2015-12-14T23:52:16.806000Z", - "credit": [ - "Matias P. Brutti" - ], - "cvssScore": 5.3, - "disclosureTime": "2015-12-07T17:13:57Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:mustache:20151207", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MUSTACHE-10067" - ], - "CVE": [ - "CVE-2015-8862" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 62 - ] - }, - "language": "js", - "modificationTime": "2019-07-31T11:58:14.879604Z", - "moduleName": "mustache", - "packageManager": "npm", - "packageName": "mustache", - "patches": [ - { - "comments": [ - "https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5" - ], - "id": "patch:npm:mustache:20151207:0", - "modificationTime": "2019-12-03T11:40:45.779904Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/mustache/20151207/mustache_0.patch" - ], - "version": "<2.2.1 >=2.1.0" - } - ], - "publicationTime": "2015-12-14T23:52:16Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5" - } - ], - "semver": { - "vulnerable": [ - "<2.2.1" - ] - }, - "severity": "medium", - "title": "Content Injection due to quoteless attributes" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-MUSTACHE-10046" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [], - "cvssScore": 5.4, - "disclosureTime": "2015-11-06T02:09:36.180000Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:mustache:20110814", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MUSTACHE-10046" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": 
"2019-12-02T14:38:36.290007Z", - "moduleName": "mustache", - "packageManager": "npm", - "packageName": "mustache", - "patches": [], - "publicationTime": "2015-11-06T02:09:36.180000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/janl/mustache.js/issues/112" - } - ], - "semver": { - "vulnerable": [ - "< 0.3.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "mxgraph": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-07-01T15:50:11.065586Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.5, - "disclosureTime": "2019-07-01T15:25:46Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-MXGRAPH-451302", - "identifiers": { - "CVE": [ - "CVE-2019-13127" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-07-17T10:39:39.781483Z", - "moduleName": "mxgraph", - "packageManager": "npm", - "packageName": "mxgraph", - "patches": [], - "publicationTime": "2019-07-01T15:25:46Z", - "references": [ - { - "title": "Draw io Version History", - "url": "https://marketplace.atlassian.com/apps/1210933/draw-io-diagrams-for-confluence/version-history" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/jgraph/mxgraph/commit/76e8e2809b622659a9c5ffdc4f19922b7a68cfa3" - }, - { - "title": "SYSS Advisory", - "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-032.txt" - } - ], - "semver": { - "vulnerable": [ - "<4.0.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-MXGRAPH-12098" - ], - "creationTime": "2018-02-24T02:10:45.136000Z", - "credit": [ - "unknown" - ], - "cvssScore": 7.3, - "disclosureTime": "2017-11-22T02:10:45Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.7.6" - ], - "functions": 
[], - "functions_new": [], - "id": "npm:mxgraph:20171122", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-MXGRAPH-12098" - ], - "CVE": [ - "CVE-2017-18197" - ], - "CWE": [ - "CWE-611" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.135065Z", - "moduleName": "mxgraph", - "packageManager": "npm", - "packageName": "mxgraph", - "patches": [], - "publicationTime": "2018-03-21T09:26:19Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jgraph/mxgraph/issues/124" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18197" - } - ], - "semver": { - "vulnerable": [ - "<3.7.6" - ] - }, - "severity": "high", - "title": "XML External Entity (XXE) Injection" - } - ], - "next": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "alternativeIds": [], - "creationTime": "2020-06-10T09:44:30.678249Z", - "credit": [ - "Ron Masas" - ], - "cvssScore": 7.5, - "disclosureTime": "2020-06-09T17:27:02Z", - "exploit": "Not Defined", - "fixedIn": [ - "5.1.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-NEXT-571938", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-22" - ] - }, - "language": "js", - "modificationTime": "2020-06-10T13:42:49.186936Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2020-06-10T13:42:49.418013Z", - "references": [ - { - "title": "GitHub Additional Information", - "url": "https://github.com/masasron/vulnerability-research/tree/master/CVE-2018-6184/LFI" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/vercel/next.js/commit/c8da345765e1e96b98a1625acfd70470956505de%23diff-b98f02bc5ed76ee139b182c00ce7b559" - } - ], - "semver": { - "vulnerable": [ - "<5.1.0" - ] - }, - "severity": "high", - "title": "Arbitrary File Read" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2020-03-31T08:26:06.422662Z", - "credit": 
[ - "Unknown" - ], - "cvssScore": 4.4, - "disclosureTime": "2020-03-30T23:10:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "9.3.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-NEXT-561584", - "identifiers": { - "CVE": [ - "CVE-2020-5284" - ], - "CWE": [ - "CWE-23" - ], - "GHSA": [ - "GHSA-fq77-7p7r-83rj" - ] - }, - "language": "js", - "modificationTime": "2020-03-31T15:17:46.906798Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2020-03-30T23:10:00Z", - "references": [ - { - "title": "GItHub Commit", - "url": "https://github.com/zeit/next.js/commit/7774101ad155dea1d45ff42225ba564e921bc359" - }, - { - "title": "GitHub Security Advisory", - "url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj" - }, - { - "title": "Release Note", - "url": "https://github.com/zeit/next.js/releases/tag/v9.3.2" - } - ], - "semver": { - "vulnerable": [ - "<9.3.2" - ] - }, - "severity": "medium", - "title": "Path Traversal" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-05-07T08:04:58.425933Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-06-01T17:51:07Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.4.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-NEXT-174590", - "identifiers": { - "CVE": [ - "CVE-2017-16877" - ], - "CWE": [ - "CWE-22" - ] - }, - "language": "js", - "modificationTime": "2019-05-07T15:26:12.939271Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2017-11-17T17:51:07Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zeit/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00" - }, - { - "title": "GitHub Release", - "url": "https://github.com/zeit/next.js/releases/tag/2.4.1" - } - ], - "semver": { - "vulnerable": [ - "<2.4.1" - ] - }, 
- "severity": "high", - "title": "Directory Traversal" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2018-10-15T07:10:55.211634Z", - "credit": [ - "Jessica Stokes", - "Ive", - "Jeremy Rauch" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-10-11T23:10:17Z", - "exploit": "Not Defined", - "fixedIn": [ - "7.0.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-NEXT-72454", - "identifiers": { - "CVE": [ - "CVE-2018-18282" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:39.872597Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2018-10-15T23:10:17Z", - "references": [ - { - "title": "GitHub Release", - "url": "https://github.com/zeit/next.js/releases/tag/7.0.2" - } - ], - "semver": { - "vulnerable": [ - ">=7.0.0 <7.0.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-NEXT-12055" - ], - "creationTime": "2018-01-31T11:47:24.804000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.3, - "disclosureTime": "2018-01-24T11:47:24.804000Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.2.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:next:20180124", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NEXT-12055" - ], - "CVE": [ - "CVE-2018-6184" - ], - "CWE": [ - "CWE-22" - ] - }, - "language": "js", - "modificationTime": "2019-05-07T08:08:19.726160Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2018-01-31T15:47:55.758000Z", - "references": [ - { - "title": "GitHub Release", - "url": "https://github.com/zeit/next.js/releases/tag/4.2.3" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6184" - } - ], - "semver": { - "vulnerable": [ - "<4.2.3" - ] 
- }, - "severity": "high", - "title": "Directory Traversal" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-NEXT-10646" - ], - "creationTime": "2017-06-13T14:18:28.250000Z", - "credit": [ - "ru_raz0r" - ], - "cvssScore": 5.4, - "disclosureTime": "2017-06-06T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.4.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:next:20170607", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NEXT-10646" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-07T08:08:19.719029Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2017-06-13T14:18:28.250000Z", - "references": [ - { - "title": "GitHub Release", - "url": "https://github.com/zeit/next.js/releases/tag/2.4.3" - }, - { - "title": "Ru_Raz0r Tweet", - "url": "https://twitter.com/ru_raz0r/status/872800558045954048" - } - ], - "semver": { - "vulnerable": [ - "<2.4.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-NEXT-10641" - ], - "creationTime": "2017-06-12T08:10:59.707000Z", - "credit": [ - "ru_raz0r" - ], - "cvssScore": 7.1, - "disclosureTime": "2017-05-31T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.4.1", - "3.0.0-beta7" - ], - "functions": [], - "functions_new": [], - "id": "npm:next:20170601", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NEXT-10641" - ], - "CVE": [], - "CWE": [ - "CWE-22" - ] - }, - "language": "js", - "modificationTime": "2019-05-07T08:08:19.711590Z", - "moduleName": "next", - "packageManager": "npm", - "packageName": "next", - "patches": [], - "publicationTime": "2017-06-12T13:50:46.023000Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/zeit/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00" - }, - { - "title": "GitHub Release", - "url": "https://github.com/zeit/next.js/releases/tag/2.4.1" - }, - { - "title": "Zeit Vulnerability Advisory", - "url": "https://send-patch.now.sh/" - } - ], - "semver": { - "vulnerable": [ - "<2.4.1", - ">=3.0.0-beta1 <3.0.0-beta7" - ] - }, - "severity": "high", - "title": "Directory Traversal" - } - ], - "ng-dialog": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-NGDIALOG-10416" - ], - "creationTime": "2017-03-01T11:50:54.825000Z", - "credit": [ - "Tom Marien" - ], - "cvssScore": 5.3, - "disclosureTime": "2016-09-15T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:ng-dialog:20160916", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NGDIALOG-10416" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:21.649971Z", - "moduleName": "ng-dialog", - "packageManager": "npm", - "packageName": "ng-dialog", - "patches": [], - "publicationTime": "2017-03-13T08:00:22Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/likeastore/ngDialog/issues/507" - } - ], - "semver": { - "vulnerable": [ - "<0.0.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - } - ], - "no-case": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-NOCASE-10758" - ], - "creationTime": "2017-09-10T12:57:44.712000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-09-08T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:no-case:20170908", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NOCASE-10758" - ], - "CVE": [ - "CVE-2017-16099" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 524 - ] - }, - 
"language": "js", - "modificationTime": "2019-12-02T14:40:18.601543Z", - "moduleName": "no-case", - "packageManager": "npm", - "packageName": "no-case", - "patches": [], - "publicationTime": "2017-09-10T12:57:44.712000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/blakeembrey/no-case/issues/17" - } - ], - "semver": { - "vulnerable": [ - "<2.3.2" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "node-htmlparser-classic": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-NODEHTMLPARSERCLASSIC-12171" - ], - "creationTime": "2018-06-21T17:51:11.406000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-09-06T17:51:11.406000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:node-htmlparser-classic:20170906", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODEHTMLPARSERCLASSIC-12171" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:42.244507Z", - "moduleName": "node-htmlparser-classic", - "packageManager": "npm", - "packageName": "node-htmlparser-classic", - "patches": [], - "publicationTime": "2018-06-25T13:19:28.034000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/tautologistics/node-htmlparser/issues/79" - } - ], - "semver": { - "vulnerable": [ - "<=2.0.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "node-jose": [ - { - "CVSSv3": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:H/RL:O/RC:R", - "alternativeIds": [ - "SNYK-JS-NODEJOSE-12040" - ], - "creationTime": "2018-01-10T20:47:00.775000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.1, - "disclosureTime": "2017-12-22T20:47:00Z", - "exploit": "High", - "fixedIn": [ - "0.11.0" - ], - "functions": [], - "functions_new": [], - "id": 
"npm:node-jose:20171222", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODEJOSE-12040" - ], - "CVE": [ - "CVE-2018-0114" - ], - "CWE": [ - "CWE-347" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:25.804248Z", - "moduleName": "node-jose", - "packageManager": "npm", - "packageName": "node-jose", - "patches": [], - "publicationTime": "2018-01-10T20:47:00Z", - "references": [ - { - "title": "Cisco Vulnerability Alert", - "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326" - }, - { - "title": "Exploit DB", - "url": "https://www.exploit-db.com/exploits/44324" - }, - { - "title": "GitHub ChangeLog", - "url": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md" - } - ], - "semver": { - "vulnerable": [ - "<0.11.0" - ] - }, - "severity": "high", - "title": "Insecure Token Validation" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-NODEJOSE-10429" - ], - "creationTime": "2017-03-14T13:34:10.463000Z", - "credit": [ - "Antonio Sanso", - "Quan Nguyan" - ], - "cvssScore": 8.7, - "disclosureTime": "2017-03-13T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.9.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:node-jose:20170313", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODEJOSE-10429" - ], - "CVE": [ - "CVE-2017-16007" - ], - "CWE": [ - "CWE-200" - ], - "NSP": [ - 324 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:59.084236Z", - "moduleName": "node-jose", - "packageManager": "npm", - "packageName": "node-jose", - "patches": [], - "publicationTime": "2017-03-14T13:34:10.463000Z", - "references": [ - { - "title": "Antonio Sanso Blog", - "url": "http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/cisco/node-jose/pull/88/commits/a994629b4b389dd38dba013cdd4753dad854524f" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/cisco/node-jose/pull/88" - }, - { - "title": "PoC", - "url": "https://gist.github.com/asanso/fa25685348051ef6a28d49aa0f27a4ae" - }, - { - "title": "Quan Nguyan Lecture", - "url": "https://www.cs.bris.ac.uk/Research/CryptographySecurity/RWC/2017/nguyen.quan.pdf" - } - ], - "semver": { - "vulnerable": [ - "<0.9.3" - ] - }, - "severity": "high", - "title": "Elliptic Curve Key Disclosure" - } - ], - "node-red": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2020-01-12T12:29:48.874608Z", - "credit": [ - "vineetpandey" - ], - "cvssScore": 4.6, - "disclosureTime": "2020-01-11T16:11:38Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.20.7" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-NODERED-541514", - "identifiers": { - "CVE": [ - "CVE-2019-15607" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 1456 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.858785Z", - "moduleName": "node-red", - "packageManager": "npm", - "packageName": "node-red", - "patches": [], - "publicationTime": "2020-01-12T12:30:20Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/681986" - }, - { - "title": "Node Red Release", - "url": "https://discourse.nodered.org/t/node-red-0-20-8-released/15192" - } - ], - "semver": { - "vulnerable": [ - "<0.20.7" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", - "alternativeIds": [ - "SNYK-JS-NODERED-12210" - ], - "creationTime": "2018-08-20T18:09:21.866000Z", - "credit": [ - "misterch0c" - ], - "cvssScore": 8.6, - "disclosureTime": "2018-05-11T18:09:21Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.18.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:node-red:20180511", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODERED-12210" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 
993 - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:14:17.215602Z", - "moduleName": "node-red", - "packageManager": "npm", - "packageName": "node-red", - "patches": [], - "publicationTime": "2018-08-21T14:16:13Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/349146" - }, - { - "title": "NPM Advisory", - "url": "https://www.npmjs.com/advisories/993" - } - ], - "semver": { - "vulnerable": [ - "<0.18.6" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "node-serialize": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C", - "alternativeIds": [ - "SNYK-JS-NODESERIALIZE-10400" - ], - "creationTime": "2017-02-12T16:38:36Z", - "credit": [ - "Ajin Abraham" - ], - "cvssScore": 9.8, - "disclosureTime": "2017-02-08T16:38:36Z", - "exploit": "High", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:node-serialize:20170208", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODESERIALIZE-10400" - ], - "CVE": [ - "CVE-2017-5941" - ], - "CWE": [ - "CWE-502" - ], - "NSP": [ - 311 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.856566Z", - "moduleName": "node-serialize", - "packageManager": "npm", - "packageName": "node-serialize", - "patches": [], - "publicationTime": "2017-02-13T16:38:36Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/luin/serialize/issues/4" - }, - { - "title": "Opsecx Blog", - "url": "https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/" - } - ], - "semver": { - "vulnerable": [ - "<=0.0.4" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - } - ], - "node-uuid": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-NODEUUID-10209" - ], - "creationTime": "2016-09-27T07:29:58.965000Z", - "credit": [ - "Robert Kieffer" - ], - "cvssScore": 5.3, - 
"disclosureTime": "2011-11-29T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:node-uuid:20111130", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODEUUID-10209" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:23.135201Z", - "moduleName": "node-uuid", - "packageManager": "npm", - "packageName": "node-uuid", - "patches": [], - "publicationTime": "2016-11-23T07:29:58.965000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/broofa/node-uuid/commit/499574c84bc660b52c4322a011abfdd3edfd28bf" - } - ], - "semver": { - "vulnerable": [ - "<1.3.1" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-NODEUUID-10089" - ], - "creationTime": "2016-03-28T22:00:02.566000Z", - "credit": [ - "Fedot Praslov" - ], - "cvssScore": 4.2, - "disclosureTime": "2016-03-28T21:29:30Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:node-uuid:20160328", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NODEUUID-10089" - ], - "CVE": [ - "CVE-2015-8851" - ], - "CWE": [ - "CWE-330" - ], - "GHSA": [ - "GHSA-265q-28rp-chq5" - ], - "NSP": [ - 93 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:43.034395Z", - "moduleName": "node-uuid", - "packageManager": "npm", - "packageName": "node-uuid", - "patches": [ - { - "comments": [], - "id": "patch:npm:node-uuid:20160328:0", - "modificationTime": "2019-12-03T11:40:45.815314Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/node-uuid/20160328/node-uuid_20160328_0_0_616ad3800f35cf58089215f420db9654801a5a02.patch" - ], - "version": "<=1.4.3 >=1.4.2" - } - ], - "publicationTime": "2016-03-28T22:00:02Z", - "references": [ - { - "title": "GitHub Issue", - "url": 
"https://github.com/broofa/node-uuid/issues/108" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/broofa/node-uuid/issues/122" - } - ], - "semver": { - "vulnerable": [ - "<1.4.4" - ] - }, - "severity": "medium", - "title": "Insecure Randomness" - } - ], - "nunjucks": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-NUNJUCKS-10135" - ], - "creationTime": "2016-09-06T22:59:30Z", - "credit": [ - "Matt Austin" - ], - "cvssScore": 7.1, - "disclosureTime": "2016-09-06T22:59:30Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.4.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:nunjucks:20160906", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NUNJUCKS-10135" - ], - "CVE": [ - "CVE-2016-10547" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 147 - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:13:17.963761Z", - "moduleName": "nunjucks", - "packageManager": "npm", - "packageName": "nunjucks", - "patches": [], - "publicationTime": "2016-09-09T22:59:30Z", - "references": [ - { - "title": "GITHUB.COM", - "url": "https://github.com/matt-/nunjucks_test" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/mozilla/nunjucks/issues/835" - }, - { - "title": "GitHub PR", - "url": "https://github.com/mozilla/nunjucks/pull/836" - } - ], - "semver": { - "vulnerable": [ - "<2.4.3" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "nwmatcher": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-NWMATCHER-11022" - ], - "creationTime": "2018-03-05T16:44:48.604000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-03-05T16:44:48Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.4.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:nwmatcher:20180305", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-NWMATCHER-11022" - ], - "CVE": [], - "CWE": [ 
- "CWE-185", - "CWE-400" - ], - "GHSA": [ - "GHSA-6394-6h9h-cfjg" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.791268Z", - "moduleName": "nwmatcher", - "packageManager": "npm", - "packageName": "nwmatcher", - "patches": [], - "publicationTime": "2018-03-05T17:32:59Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/dperini/nwmatcher/commit/9dcc2b039beeabd18327a5ebaa537625872e16f0" - } - ], - "semver": { - "vulnerable": [ - "<1.4.4" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "openwhisk": [ - { - "CVSSv3": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-OPENWHISK-10694" - ], - "creationTime": "2017-07-18T13:01:47.033000Z", - "credit": [ - "ChALkeR" - ], - "cvssScore": 5.1, - "disclosureTime": "2017-07-18T13:01:47Z", - "exploit": "Functional", - "fixedIn": [ - "3.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:openwhisk:20170302", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-OPENWHISK-10694" - ], - "CVE": [], - "CWE": [ - "CWE-201" - ], - "GHSA": [ - "GHSA-53mj-mc38-q894" - ], - "NSP": [ - 600 - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:51:17.051982Z", - "moduleName": "openwhisk", - "packageManager": "npm", - "packageName": "openwhisk", - "patches": [], - "publicationTime": "2017-07-18T13:01:47Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/apache/incubator-openwhisk-client-js/commit/0e40671e75d2ec7e88fa39ef787526d4304f2aaa" - }, - { - "title": "GitHub PR", - "url": "https://github.com/openwhisk/openwhisk-client-js/pull/34" - } - ], - "semver": { - "vulnerable": [ - "<3.3.1" - ] - }, - "severity": "medium", - "title": "Uninitialized Memory Exposure" - } - ], - "parsejson": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-PARSEJSON-10780" - ], - "creationTime": 
"2017-09-21T08:04:21.338000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-09-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:parsejson:20170908", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PARSEJSON-10780" - ], - "CVE": [ - "CVE-2017-16113" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 528 - ] - }, - "language": "js", - "modificationTime": "2019-06-05T11:04:05.758397Z", - "moduleName": "parsejson", - "packageManager": "npm", - "packageName": "parsejson", - "patches": [], - "publicationTime": "2017-09-21T08:04:21Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/get/parsejson/issues/4" - } - ], - "semver": { - "vulnerable": [ - "<=0.0.3" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "pivottable": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-PIVOTTABLE-10132" - ], - "creationTime": "2016-08-17T15:13:32.564000Z", - "credit": [ - "Todd Wolfson" - ], - "cvssScore": 7.2, - "disclosureTime": "2016-08-17T15:13:32Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:pivottable:20160817", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PIVOTTABLE-10132" - ], - "CVE": [ - "CVE-2016-1000241" - ], - "CWE": [ - "CWE-80" - ], - "GHSA": [ - "GHSA-cjj8-wfrx-jqcf" - ], - "NSP": [ - 139 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:45.274396Z", - "moduleName": "pivottable", - "packageManager": "npm", - "packageName": "pivottable", - "patches": [], - "publicationTime": "2016-08-17T15:13:32Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/nicolaskruchten/pivottable/pull/401" - } - ], - "semver": { - "vulnerable": [ - ">=1.4.0 <2.0.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], 
- "plist": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-PLIST-11087" - ], - "creationTime": "2018-04-15T15:16:33.857000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-04-15T15:16:33.857000Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "3.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:plist:20180219", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PLIST-11087" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.227236Z", - "moduleName": "plist", - "packageManager": "npm", - "packageName": "plist", - "patches": [], - "publicationTime": "2018-04-15T15:16:33.857000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/TooTallNate/plist.js/commit/a85b9d3559859d58e44d099a6a40bf8c13ab7e66" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/TooTallNate/plist.js/issues/89" - } - ], - "semver": { - "vulnerable": [ - ">=1.2.0 <3.0.1" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "plotly.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-07-28T14:15:54.687684Z", - "credit": [ - "Dennis Deterin", - "Jared Folkins" - ], - "cvssScore": 6.1, - "disclosureTime": "2017-07-17T13:18:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.10.4", - "1.16.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-PLOTLYJS-455599", - "identifiers": { - "CVE": [ - "CVE-2017-1000006" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-07-28T14:23:53.674669Z", - "moduleName": "plotly.js", - "packageManager": "npm", - "packageName": "plotly.js", - "patches": [], - "publicationTime": "2019-07-28T14:23:02Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/plotly/plotly.js/commit/0a1526de6ee872993cabac966ed6fdc67cd052f0" - }, - { - "title": "Ploty Security Advisory", - "url": "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/" - } - ], - "semver": { - "vulnerable": [ - "<1.10.4", - ">=1.11.0 <1.16.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-PLOTLYJS-10406" - ], - "creationTime": "2017-02-13T17:05:37.536000Z", - "credit": [ - "Étienne Tétreault-Pinard" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-12-09T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:plotly.js:20151210", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PLOTLYJS-10406" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:52.349547Z", - "moduleName": "plotly.js", - "packageManager": "npm", - "packageName": "plotly.js", - "patches": [], - "publicationTime": "2017-02-28T08:40:31.760000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/plotly/plotly.js/commit/d5885957f72e21a25782dc28e2028ffe8debf5ef" - }, - { - "title": "GitHub PR", - "url": "https://github.com/plotly/plotly.js/pull/100" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.2.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:H", - "alternativeIds": [ - "SNYK-JS-PLOTLYJS-10155" - ], - "creationTime": "2016-09-14T00:00:00Z", - "credit": [ - "Jared Folkins" - ], - "cvssScore": 3.1, - "disclosureTime": "2016-08-09T00:00:00Z", - "exploit": "High", - "fixedIn": [ - "1.16.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:plotly.js:20160808-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PLOTLYJS-10155" - ], - "CVE": [], - "CWE": [ - "CWE-74" - 
] - }, - "language": "js", - "modificationTime": "2019-07-28T14:17:48.250427Z", - "moduleName": "plotly.js", - "packageManager": "npm", - "packageName": "plotly.js", - "patches": [], - "publicationTime": "2016-10-17T00:00:00Z", - "references": [ - { - "title": "ACLOUDTREE.COM", - "url": "https://acloudtree.com/2016-08-09-how-i-hacked-plotly-by-exploiting-a-svg-vulnerability-in-plotlyjs/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/plotly/plotly.js/commit/d5885957f72e21a25782dc28e2028ffe8debf5ef" - }, - { - "title": "GitHub PR", - "url": "https://github.com/plotly/plotly.js/pull/736" - }, - { - "title": "HELP.PLOT.LY", - "url": "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/" - }, - { - "title": "SNYK.IO", - "url": "https://snyk.io/vuln/npm:plotly.js:20160808" - } - ], - "semver": { - "vulnerable": [ - "<1.16.0" - ] - }, - "severity": "low", - "title": "CSS Injection" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H", - "alternativeIds": [ - "SNYK-JS-PLOTLYJS-10154" - ], - "creationTime": "2016-09-14T00:00:00Z", - "credit": [ - "Jared Folkins" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-08-09T00:00:00Z", - "exploit": "High", - "fixedIn": [ - "1.16.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:plotly.js:20160808", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PLOTLYJS-10154" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 145 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:01.202363Z", - "moduleName": "plotly.js", - "packageManager": "npm", - "packageName": "plotly.js", - "patches": [], - "publicationTime": "2016-10-17T00:00:00Z", - "references": [ - { - "title": "ACLOUDTREE.COM", - "url": "https://acloudtree.com/2016-08-09-how-i-hacked-plotly-by-exploiting-a-svg-vulnerability-in-plotlyjs/" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/plotly/plotly.js/commit/d5885957f72e21a25782dc28e2028ffe8debf5ef" - }, - { - "title": 
"GitHub PR", - "url": "https://github.com/plotly/plotly.js/pull/736" - }, - { - "title": "HELP.PLOT.LY", - "url": "http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/" - } - ], - "semver": { - "vulnerable": [ - ">=1.10.4 <1.16.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "preact-render-to-string": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-PREACTRENDERTOSTRING-11128" - ], - "creationTime": "2018-08-02T20:00:00Z", - "credit": [ - "Dan Abramov" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-08-01T11:44:35Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "3.7.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:preact-render-to-string:20180802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PREACTRENDERTOSTRING-11128" - ], - "CVE": [ - "CVE-2018-6341" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-cg48-9hh2-x6mx" - ], - "NSP": [ - 1421 - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:38.763957Z", - "moduleName": "preact-render-to-string", - "packageManager": "npm", - "packageName": "preact-render-to-string", - "patches": [], - "publicationTime": "2020-04-06T11:39:36Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb" - }, - { - "title": "GitHub PR", - "url": "https://github.com/facebook/react/pull/13302" - }, - { - "title": "GitHub PR", - "url": "https://github.com/sveltejs/svelte/pull/1623" - }, - { - "title": "GitHub Release", - "url": "https://github.com/developit/preact-render-to-string/releases/tag/3.7.2" - }, - { - "title": "GitHub Release", - "url": "https://github.com/vuejs/vue/releases/tag/v2.5.17" - }, - { - "title": "@reactjs tweet", - "url": 
"https://twitter.com/reactjs/status/1024745321987887104" - }, - { - "title": "React Security Blog", - "url": "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" - }, - { - "title": "@vuejs tweet", - "url": "https://twitter.com/vuejs/status/1024754536877973504" - } - ], - "semver": { - "vulnerable": [ - "<3.7.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "protobufjs": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-PROTOBUFJS-11024" - ], - "creationTime": "2018-03-05T16:44:47.246000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-03-05T16:44:47Z", - "exploit": "Functional", - "fixedIn": [ - "5.0.3", - "6.8.6" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseExtension" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseExtension.parseExtension_block" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseField" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseMapField" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseMethod" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseOption" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parsePackage" - }, - "version": [ - "<5.0.3", - ">=6.0.0 
<6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.parseType.parseType_block" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/parse.js", - "functionName": "parse.readValue" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseExtension" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseExtension.parseExtension_block" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseField" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseMapField" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseMethod" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseOption" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parsePackage" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.parseType.parseType_block" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - { - "functionId": { - "filePath": "src/parse.js", - "functionName": "parse.readValue" - }, - "version": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - } - ], - "id": "npm:protobufjs:20180305", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PROTOBUFJS-11024" - ], - "CVE": [ - "CVE-2018-3738" - ], - "CWE": [ - "CWE-185", - "CWE-400" - ], - "GHSA": [ - 
"GHSA-4gpv-cvmq-6526" - ], - "NSP": [ - 605 - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.779327Z", - "moduleName": "protobufjs", - "packageManager": "npm", - "packageName": "protobufjs", - "patches": [], - "publicationTime": "2018-03-05T17:02:59Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/dcodeIO/protobuf.js/commit/2ee1028d631a328e152d7e09f2a0e0c5c83dc2aa" - }, - { - "title": "GitHub Release", - "url": "https://github.com/dcodeIO/protobuf.js/releases/tag/6.8.6" - }, - { - "title": "Hackerone Report", - "url": "https://hackerone.com/reports/319576" - } - ], - "semver": { - "vulnerable": [ - "<5.0.3", - ">=6.0.0 <6.8.6" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "pym.js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-PYMJS-10907" - ], - "creationTime": "2018-02-20T14:24:29.945000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 8.2, - "disclosureTime": "2018-02-14T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:pym.js:20180215", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-PYMJS-10907" - ], - "CVE": [ - "CVE-2018-1000086" - ], - "CWE": [ - "CWE-352" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:08.823772Z", - "moduleName": "pym.js", - "packageManager": "npm", - "packageName": "pym.js", - "patches": [], - "publicationTime": "2018-02-21T16:09:56.560000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/nprapps/pym.js/issues/170" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000086" - }, - { - "title": "Pym Security Blog", - "url": "http://blog.apps.npr.org/2018/02/15/pym-security-vulnerability.html" - } - ], - "semver": { - "vulnerable": [ - "<1.3.2" - ] - }, - "severity": "high", - "title": "Cross-site Request Forgery (CSRF)" - } - 
], - "qs": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-QS-10407" - ], - "creationTime": "2017-02-14T11:44:54.163000Z", - "credit": [ - "Snyk Security Research Team" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-02-13T00:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "6.0.4", - "6.1.2", - "6.2.3", - "6.3.2" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/parse.js", - "functionName": "internals.parseObject" - }, - "version": [ - "<6.0.4" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/parse.js", - "functionName": "parseObject" - }, - "version": [ - ">=6.2.0 <6.2.3", - "6.3.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/parse.js", - "functionName": "parseObjectRecursive" - }, - "version": [ - ">=6.3.1 <6.3.2" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/parse.js", - "functionName": "internals.parseObject" - }, - "version": [ - "<6.0.4" - ] - }, - { - "functionId": { - "filePath": "lib/parse.js", - "functionName": "parseObject" - }, - "version": [ - ">=6.2.0 <6.2.3", - "6.3.0" - ] - }, - { - "functionId": { - "filePath": "lib/parse.js", - "functionName": "parseObjectRecursive" - }, - "version": [ - ">=6.3.1 <6.3.2" - ] - } - ], - "id": "npm:qs:20170213", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-QS-10407" - ], - "CVE": [ - "CVE-2017-1000048" - ], - "CWE": [ - "CWE-20" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.880024Z", - "moduleName": "qs", - "packageManager": "npm", - "packageName": "qs", - "patches": [ - { - "comments": [], - "id": "patch:npm:qs:20170213:0", - "modificationTime": "2019-12-03T11:40:45.855245Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/630_632.patch" - ], - "version": "=6.3.0" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:1", - "modificationTime": "2019-12-03T11:40:45.856271Z", - "urls": [ - 
"https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/631_632.patch" - ], - "version": "=6.3.1" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:2", - "modificationTime": "2019-12-03T11:40:45.857318Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/621_623.patch" - ], - "version": "=6.2.1" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:3", - "modificationTime": "2019-12-03T11:40:45.858334Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/622_623.patch" - ], - "version": "=6.2.2" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:4", - "modificationTime": "2019-12-03T11:40:45.859411Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/610_612.patch" - ], - "version": "=6.1.0" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:5", - "modificationTime": "2019-12-03T11:40:45.860523Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/611_612.patch" - ], - "version": "=6.1.1" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:6", - "modificationTime": "2019-12-03T11:40:45.861504Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/602_604.patch" - ], - "version": "=6.0.2" - }, - { - "comments": [], - "id": "patch:npm:qs:20170213:7", - "modificationTime": "2019-12-03T11:40:45.862615Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/603_604.patch" - ], - "version": "=6.0.3" - } - ], - "publicationTime": "2017-03-01T10:00:54Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/ljharb/qs/issues/200" - } - ], - "semver": { - "vulnerable": [ - "<6.0.4", - ">=6.1.0 <6.1.2", - ">=6.2.0 <6.2.3", - ">=6.3.0 <6.3.2" - ] - }, - "severity": "high", - "title": "Prototype Override Protection Bypass" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - 
"alternativeIds": [ - "SNYK-JS-QS-10020" - ], - "creationTime": "2014-08-06T06:10:23Z", - "credit": [ - "Tom Steele" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-08-06T06:10:23Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:qs:20140806-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-QS-10020" - ], - "CVE": [ - "CVE-2014-10064" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 28 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.334026Z", - "moduleName": "qs", - "packageManager": "npm", - "packageName": "qs", - "patches": [ - { - "comments": [], - "id": "patch:npm:qs:20140806-1:0", - "modificationTime": "2019-12-03T11:40:45.742148Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20140806-1/qs_20140806-1_0_0_snyk.patch" - ], - "version": "<1.0.0 >=0.6.5" - }, - { - "comments": [], - "id": "patch:npm:qs:20140806-1:1", - "modificationTime": "2019-12-03T11:40:45.744535Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20140806-1/qs_20140806-1_0_1_snyk.patch" - ], - "version": "=0.5.6" - } - ], - "publicationTime": "2014-08-06T06:10:23Z", - "references": [ - { - "title": "Node Security Advisory", - "url": "https://nodesecurity.io/advisories/28" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-QS-10019" - ], - "creationTime": "2014-08-06T06:10:22Z", - "credit": [ - "Dustin Shiver" - ], - "cvssScore": 7.5, - "disclosureTime": "2014-08-06T06:10:22Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "compact" - }, - "version": [ - "<1.0.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "compact" - }, - "version": [ - 
"<1.0.0" - ] - } - ], - "id": "npm:qs:20140806", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-QS-10019" - ], - "CVE": [ - "CVE-2014-7191" - ], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-gqgv-6jq5-jjj9" - ], - "NSP": [ - 29 - ] - }, - "language": "js", - "modificationTime": "2019-02-18T08:28:59.375824Z", - "moduleName": "qs", - "packageManager": "npm", - "packageName": "qs", - "patches": [ - { - "comments": [], - "id": "patch:npm:qs:20140806:1", - "modificationTime": "2019-12-03T11:40:45.728930Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20140806/qs_20140806_0_1_snyk_npm.patch" - ], - "version": "=0.5.6" - }, - { - "comments": [], - "id": "patch:npm:qs:20140806:0", - "modificationTime": "2019-12-03T11:40:45.741062Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/qs/20140806/qs_20140806_0_0_43a604b7847e56bba49d0ce3e222fe89569354d8_snyk.patch" - ], - "version": "<1.0.0 >=0.6.5" - } - ], - "publicationTime": "2014-08-06T06:10:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/tj/node-querystring/pull/114/commits/43a604b7847e56bba49d0ce3e222fe89569354d8" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/visionmedia/node-querystring/issues/104" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7191" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "high", - "title": "Denial of Service (DoS)" - } - ], - "querystringify": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-QUERYSTRINGIFY-11091" - ], - "creationTime": "2018-04-25T12:36:24.040000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 7.4, - "disclosureTime": "2018-04-18T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "querystring" - }, - "version": [ - "<2.0.0" - ] - } - ], - "functions_new": [ - { - 
"functionId": { - "filePath": "index.js", - "functionName": "querystring" - }, - "version": [ - "<2.0.0" - ] - } - ], - "id": "npm:querystringify:20180419", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-QUERYSTRINGIFY-11091" - ], - "CVE": [], - "CWE": [ - "CWE-20" - ], - "GHSA": [ - "GHSA-hxcm-v35h-mg2x" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:45.507446Z", - "moduleName": "querystringify", - "packageManager": "npm", - "packageName": "querystringify", - "patches": [], - "publicationTime": "2018-04-26T13:17:39Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/unshiftio/querystringify/commit/422eb4f6c7c28ee5f100dcc64177d3b68bb2b080" - }, - { - "title": "GitHub PR", - "url": "https://github.com/unshiftio/querystringify/pull/19" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "high", - "title": "Prototype Override" - } - ], - "quill": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-08-27T07:43:44.195017Z", - "credit": [ - "Jonathan Lloyd" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-07-05T19:03:27Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.7" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-QUILL-460312", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-1022" - ], - "NSP": [ - 1039 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:59.852156Z", - "moduleName": "quill", - "packageManager": "npm", - "packageName": "quill", - "patches": [], - "publicationTime": "2019-08-27T07:44:19Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/quilljs/quill/issues/2438" - }, - { - "title": "GitHub PR", - "url": "https://github.com/quilljs/quill/pull/2439" - }, - { - "title": "Node Security Advisory", - "url": "https://www.npmjs.com/advisories/1039" - } - ], - "semver": { - "vulnerable": [ - "<1.3.7" - ] - }, - "severity": "medium", - "title": "Reverse 
Tabnabbing" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-07-08T13:18:42.280904Z", - "credit": [ - "danielw93" - ], - "cvssScore": 4.3, - "disclosureTime": "2019-07-06T19:26:01Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.7" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-QUILL-451551", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-1022" - ] - }, - "language": "js", - "modificationTime": "2019-09-10T09:24:31.585981Z", - "moduleName": "quill", - "packageManager": "npm", - "packageName": "quill", - "patches": [], - "publicationTime": "2019-07-08T13:22:06Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/quilljs/quill/issues/2438" - }, - { - "title": "GitHub PR", - "url": "https://github.com/quilljs/quill/pull/2674" - }, - { - "title": "GitHub PR", - "url": "https://github.com/quilljs/quill/pull/2674/files/b2f7b586e1564e43062483eff9fa8111bbc80e32" - } - ], - "semver": { - "vulnerable": [ - "<1.3.7" - ] - }, - "severity": "medium", - "title": "Reverse Tabnabbing" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-QUILL-10405" - ], - "creationTime": "2017-02-13T14:09:12.524000Z", - "credit": [ - "Sajjad Hashemian" - ], - "cvssScore": 5.4, - "disclosureTime": "2016-09-15T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:quill:20160916", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-QUILL-10405" - ], - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2019-07-08T13:21:10.205308Z", - "moduleName": "quill", - "packageManager": "npm", - "packageName": "quill", - "patches": [], - "publicationTime": "2017-02-28T08:40:31.832000Z", - "references": [ - { - "title": "Codepen", - "url": "http://codepen.io/sijad/pen/NRAAdj" - }, - { - "title": "GitHub Commit", - "url": 
"https://github.com/quilljs/quill/commit/d1149adff6b562fcfc62b25d2bfacd30a331fcff" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/quilljs/quill/issues/981" - }, - { - "title": "GitHub PR", - "url": "https://github.com/quilljs/quill/pull/990" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0-beta.0 <1.0.4" - ] - }, - "severity": "medium", - "title": "Arbitrary Code Execution" - } - ], - "ractive": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-RACTIVE-12033" - ], - "creationTime": "2017-12-19T09:49:36.866000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.3, - "disclosureTime": "2016-03-17T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.8.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:ractive:20160318", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RACTIVE-12033" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:24.296649Z", - "moduleName": "ractive", - "packageManager": "npm", - "packageName": "ractive", - "patches": [], - "publicationTime": "2017-12-25T14:45:02.249000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/ractivejs/ractive/commit/6ba53548d8014f0c52b9bc1bc7a1aed76b7b4a52" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/ractivejs/ractive/issues/2452" - } - ], - "semver": { - "vulnerable": [ - "<0.8.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - } - ], - "react": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-REACT-10193" - ], - "creationTime": "2016-11-08T09:59:38.403000Z", - "credit": [ - "Daniel LeCheminant" - ], - "cvssScore": 7.1, - "disclosureTime": "2015-03-17T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.14.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:react:20150318", - "identifiers": { - "ALTERNATIVE": [ - 
"SNYK-JS-REACT-10193" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 1347 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:14.012669Z", - "moduleName": "react", - "packageManager": "npm", - "packageName": "react", - "patches": [], - "publicationTime": "2017-01-18T14:00:38Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/facebook/react/blob/master/CHANGELOG.md%23notable-enhancements" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/facebook/react/issues/3473" - }, - { - "title": "More information a blog post by Daniel LeCheminant", - "url": "http://danlec.com/blog/xss-via-a-spoofed-react-element" - } - ], - "semver": { - "vulnerable": [ - ">=0.0.1 <0.14.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-REACT-10192" - ], - "creationTime": "2016-11-08T08:23:21.094000Z", - "credit": [ - "Paul O’Shannessy", - "Thomas Aylott" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-12-16T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.5.2", - "0.4.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:react:20131217", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REACT-10192" - ], - "CVE": [ - "CVE-2013-7035" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 1420 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:13.270652Z", - "moduleName": "react", - "packageManager": "npm", - "packageName": "react", - "patches": [], - "publicationTime": "2017-01-18T14:00:21Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/facebook/react/commit/393a889aaceb761f058b09a701f889fa8f8b4e64" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/facebook/react/commit/94a9a3e752fe089ab23f3a90c26d20d46d62ab10" - }, - { - "title": "React Blog", - "url": 
"https://facebook.github.io/react/blog/2013/12/18/react-v0.5.2-v0.4.2.html" - }, - { - "title": "React Forum", - "url": "https://groups.google.com/forum/%23%21topic/reactjs/OIqxlB2aGfU" - } - ], - "semver": { - "vulnerable": [ - ">=0.5.0 <0.5.2", - ">=0.4.0 <0.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "react-dom": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-REACTDOM-11124" - ], - "creationTime": "2018-08-02T20:00:00Z", - "credit": [ - "Dan Abramov" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-08-01T11:44:35Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "16.0.1", - "16.1.2", - "16.2.1", - "16.3.3", - "16.4.2" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "cjs/react-dom-server.browser.development.js", - "functionName": "DOMMarkupOperations.createMarkupForProperty" - }, - "version": [ - "16.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "cjs/react-dom-server.node.development.js", - "functionName": "DOMMarkupOperations.createMarkupForProperty" - }, - "version": [ - "16.0.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "cjs/react-dom-server.browser.development.js", - "functionName": "createMarkupForProperty" - }, - "version": [ - ">=16.0.0 <16.0.1", - ">=16.1.0 <16.1.2", - ">=16.2.0 <16.2.1", - ">=16.3.0 <16.3.3", - ">=16.4.0 <16.4.2" - ] - }, - { - "functionId": { - "className": null, - "filePath": "cjs/react-dom-server.node.development.js", - "functionName": "createMarkupForProperty" - }, - "version": [ - ">=16.0.0 <16.0.1", - ">=16.1.0 <16.1.2", - ">=16.2.0 <16.2.1", - ">=16.3.0 <16.3.3", - ">=16.4.0 <16.4.2" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "cjs/react-dom-server.browser.development.js", - "functionName": "DOMMarkupOperations.createMarkupForProperty" - }, - "version": [ - "16.0.0" - ] - }, - { - "functionId": { - "filePath": 
"cjs/react-dom-server.node.development.js", - "functionName": "DOMMarkupOperations.createMarkupForProperty" - }, - "version": [ - "16.0.0" - ] - }, - { - "functionId": { - "filePath": "cjs/react-dom-server.browser.development.js", - "functionName": "createMarkupForProperty" - }, - "version": [ - ">=16.0.0 <16.0.1", - ">=16.1.0 <16.1.2", - ">=16.2.0 <16.2.1", - ">=16.3.0 <16.3.3", - ">=16.4.0 <16.4.2" - ] - }, - { - "functionId": { - "filePath": "cjs/react-dom-server.node.development.js", - "functionName": "createMarkupForProperty" - }, - "version": [ - ">=16.0.0 <16.0.1", - ">=16.1.0 <16.1.2", - ">=16.2.0 <16.2.1", - ">=16.3.0 <16.3.3", - ">=16.4.0 <16.4.2" - ] - } - ], - "id": "npm:react-dom:20180802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REACTDOM-11124" - ], - "CVE": [ - "CVE-2018-6341" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-cg48-9hh2-x6mx" - ], - "NSP": [ - 1421 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:04.266322Z", - "moduleName": "react-dom", - "packageManager": "npm", - "packageName": "react-dom", - "patches": [], - "publicationTime": "2020-04-06T11:39:36Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb" - }, - { - "title": "GitHub PR", - "url": "https://github.com/facebook/react/pull/13302" - }, - { - "title": "GitHub PR", - "url": "https://github.com/sveltejs/svelte/pull/1623" - }, - { - "title": "GitHub Release", - "url": "https://github.com/developit/preact-render-to-string/releases/tag/3.7.2" - }, - { - "title": "GitHub Release", - "url": "https://github.com/vuejs/vue/releases/tag/v2.5.17" - }, - { - "title": "@reactjs tweet", - "url": "https://twitter.com/reactjs/status/1024745321987887104" - }, - { - "title": "React Security Blog", - "url": 
"https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" - }, - { - "title": "@vuejs tweet", - "url": "https://twitter.com/vuejs/status/1024754536877973504" - } - ], - "semver": { - "vulnerable": [ - ">=16.0.0 <16.0.1", - ">=16.1.0 <16.1.2", - ">=16.2.0 <16.2.1", - ">=16.3.0 <16.3.3", - ">=16.4.0 <16.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "react-marked-markdown": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-REACTMARKEDMARKDOWN-12155" - ], - "creationTime": "2018-05-17T20:45:00.778000Z", - "credit": [ - "Ron Perris" - ], - "cvssScore": 9.3, - "disclosureTime": "2018-05-17T20:45:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:react-marked-markdown:20180517", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REACTMARKEDMARKDOWN-12155" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-m7qm-r2r5-f77q" - ], - "NSP": [ - 668 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:42.257553Z", - "moduleName": "react-marked-markdown", - "packageManager": "npm", - "packageName": "react-marked-markdown", - "patches": [], - "publicationTime": "2018-05-22T13:32:25Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/Vincent-P/react-marked-markdown/issues/61" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/344069" - } - ], - "semver": { - "vulnerable": [ - "<=1.4.6" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "react-svg": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-REACTSVG-12133" - ], - "creationTime": "2018-04-27T19:17:58.006000Z", - "credit": [ - "Ron Perris" - ], - "cvssScore": 9.1, - "disclosureTime": "2018-04-27T19:17:58Z", - "exploit": "Functional", - "fixedIn": [ - "2.2.18" - ], - "functions": [], - "functions_new": [], 
- "id": "npm:react-svg:20180427", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REACTSVG-12133" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-8xqr-4cpm-wx7g" - ], - "NSP": [ - 648 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.955118Z", - "moduleName": "react-svg", - "packageManager": "npm", - "packageName": "react-svg", - "patches": [], - "publicationTime": "2018-05-02T13:38:04Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/tanem/react-svg/pull/57" - } - ], - "semver": { - "vulnerable": [ - "<2.2.18" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "react-tooltip": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2018-09-13T11:54:12.544388Z", - "credit": [ - "wichniowski" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-09-06T13:18:23Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.8.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-REACTTOOLTIP-72363", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T16:00:59.491541Z", - "moduleName": "react-tooltip", - "packageManager": "npm", - "packageName": "react-tooltip", - "patches": [], - "publicationTime": "2018-09-13T13:18:23Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/wwayne/react-tooltip/commit/cb16d97d107454a304f1bf09102907374a5baffb" - }, - { - "title": "GitHub PR", - "url": "https://github.com/wwayne/react-tooltip/pull/422" - } - ], - "semver": { - "vulnerable": [ - "<3.8.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "reduce-css-calc": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-REDUCECSSCALC-10152" - ], - "creationTime": "2016-09-13T00:00:00Z", - "credit": [ - "Сковорода Никита Андреевич (ChALkeR)" - ], - "cvssScore": 6.1, - 
"disclosureTime": "2016-08-20T00:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:reduce-css-calc:20160913", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REDUCECSSCALC-10152" - ], - "CVE": [ - "CVE-2016-10548" - ], - "CWE": [ - "CWE-94" - ], - "NSP": [ - 144 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:56.627767Z", - "moduleName": "reduce-css-calc", - "packageManager": "npm", - "packageName": "reduce-css-calc", - "patches": [], - "publicationTime": "2016-10-17T00:00:00Z", - "references": [ - { - "title": "GIST.GITHUB.COM", - "url": "https://gist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9" - }, - { - "title": "GitHub ChangeLog", - "url": "https://github.com/MoOx/reduce-css-calc/blob/master/CHANGELOG.md%23125---2016-08-22" - } - ], - "semver": { - "vulnerable": [ - "<1.2.5" - ] - }, - "severity": "medium", - "title": "Arbitrary Code Injection" - } - ], - "remarkable": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-05-13T16:17:14.151738Z", - "credit": [ - "trichimtrich" - ], - "cvssScore": 8.2, - "disclosureTime": "2019-05-13T14:27:35Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.7.2" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/parser_inline.js", - "functionName": "validateLink" - }, - "version": [ - ">0.1.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/parser_inline.js", - "functionName": "validateLink" - }, - "version": [ - ">0.1.0" - ] - } - ], - "id": "SNYK-JS-REMARKABLE-174641", - "identifiers": { - "CVE": [ - "CVE-2019-12043" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:02.689100Z", - "moduleName": "remarkable", - "packageManager": "npm", - "packageName": "remarkable", - "patches": [], - "publicationTime": "2019-05-13T14:27:35Z", - "references": [ - { - "title": 
"GitHub Issue", - "url": "https://github.com/jonschlinkert/remarkable/issues/332" - } - ], - "semver": { - "vulnerable": [ - ">=1.6.0 <1.7.2" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2019-05-13T16:05:19.451831Z", - "credit": [ - "trichimtrich" - ], - "cvssScore": 7.5, - "disclosureTime": "2019-05-13T14:27:35Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.7.3" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-REMARKABLE-174639", - "identifiers": { - "CVE": [ - "CVE-2019-12041" - ], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.864750Z", - "moduleName": "remarkable", - "packageManager": "npm", - "packageName": "remarkable", - "patches": [], - "publicationTime": "2019-05-13T14:27:35Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jonschlinkert/remarkable/pull/335/commits/b8bb2c0987f06d2b34e882159249f1538c6dc380" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jonschlinkert/remarkable/issues/331" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jonschlinkert/remarkable/pull/335" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <1.7.3" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-REMARKABLE-10404" - ], - "creationTime": "2017-01-31T14:30:59.853000Z", - "credit": [ - "Ben Alpert" - ], - "cvssScore": 5.4, - "disclosureTime": "2016-08-19T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.7.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:remarkable:20160820", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REMARKABLE-10404" - ], - "CVE": [ - "CVE-2017-16006" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 319 - ] - }, - "language": "js", 
- "modificationTime": "2020-06-12T14:36:53.877354Z", - "moduleName": "remarkable", - "packageManager": "npm", - "packageName": "remarkable", - "patches": [], - "publicationTime": "2017-02-13T14:30:59Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jonschlinkert/remarkable/commit/49e24e8f2a431c095ddbb74ecb67cf1cf8f88c47" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/jonschlinkert/remarkable/issues/227" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jonschlinkert/remarkable/pull/228" - } - ], - "semver": { - "vulnerable": [ - "<1.7.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-REMARKABLE-10027" - ], - "creationTime": "2014-11-13T10:33:48Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-11-13T10:33:48Z", - "exploit": "High", - "fixedIn": [ - "1.4.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:remarkable:20141113", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REMARKABLE-10027" - ], - "CVE": [ - "CVE-2014-10065" - ], - "CWE": [ - "CWE-74" - ], - "NSP": [ - 30 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.874444Z", - "moduleName": "remarkable", - "packageManager": "npm", - "packageName": "remarkable", - "patches": [], - "publicationTime": "2014-11-13T10:33:48Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jonschlinkert/remarkable/issues/97" - } - ], - "semver": { - "vulnerable": [ - "<1.4.1" - ] - }, - "severity": "medium", - "title": "Content Injection" - } - ], - "rendr": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-RENDR-10446" - ], - "creationTime": "2017-03-20T14:14:49.046000Z", - "credit": [ - "Jon Merrifield" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-03-10T22:00:00Z", - 
"exploit": "Not Defined", - "fixedIn": [ - "1.1.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:rendr:20160311", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RENDR-10446" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:50:30.867293Z", - "moduleName": "rendr", - "packageManager": "npm", - "packageName": "rendr", - "patches": [], - "publicationTime": "2017-05-08T12:34:46.314000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/rendrjs/rendr/commit/d712bd5c3a5a9f5150153dec8555b06ee30680f7" - }, - { - "title": "GitHub PR", - "url": "https://github.com/rendrjs/rendr/pull/513" - } - ], - "semver": { - "vulnerable": [ - "<1.1.4 >=0.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-RENDR-10430" - ], - "creationTime": "2017-03-20T14:20:45.979000Z", - "credit": [ - "Spike Brehm" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-12-11T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.5.0-rc1" - ], - "functions": [], - "functions_new": [], - "id": "npm:rendr:20131212", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RENDR-10430" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:48:25.180367Z", - "moduleName": "rendr", - "packageManager": "npm", - "packageName": "rendr", - "patches": [], - "publicationTime": "2017-05-08T12:34:46.245000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/rendrjs/rendr/commit/dc0a80f8c6cfed474964e097bc80b16958305bfc" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chriso/validator.js/issues/181" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chriso/validator.js/issues/223" - } - ], - "semver": { - "vulnerable": [ - "<0.5.0-rc1" - ] - }, - "severity": "medium", - "title": 
"Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-RENDR-10205" - ], - "creationTime": "2016-10-05T15:21:57.930000Z", - "credit": [ - "Spike Brehm" - ], - "cvssScore": 7.3, - "disclosureTime": "2013-07-08T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.4.8-2" - ], - "functions": [], - "functions_new": [], - "id": "npm:rendr:20130709", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RENDR-10205" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:18:59.688045Z", - "moduleName": "rendr", - "packageManager": "npm", - "packageName": "rendr", - "patches": [], - "publicationTime": "2016-11-22T15:21:57.930000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/rendrjs/rendr/commit/db392b94128ebf41d86d85b42d99ea053d83dbfd" - } - ], - "semver": { - "vulnerable": [ - "<0.4.8-2" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-RENDR-10120" - ], - "creationTime": "2016-07-25T22:53:17.243000Z", - "credit": [ - "Jon Merrifield" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-25T16:24:38Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:rendr:20160725", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RENDR-10120" - ], - "CVE": [ - "CVE-2016-1000230" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-v5hp-35hw-cw5x" - ], - "NSP": [ - 128 - ] - }, - "language": "js", - "modificationTime": "2020-09-02T16:13:45.188973Z", - "moduleName": "rendr", - "packageManager": "npm", - "packageName": "rendr", - "patches": [], - "publicationTime": "2016-07-25T16:24:38Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/rendrjs/rendr-handlebars/pull/61" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/rendrjs/rendr/pull/513" - } - ], - "semver": { - "vulnerable": [ - "<1.1.4" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "rendr-handlebars": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-RENDRHANDLEBARS-10521" - ], - "creationTime": "2017-03-22T13:15:40.525000Z", - "credit": [ - "Kevin Ball" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-07-21T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:rendr-handlebars:20140722", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RENDRHANDLEBARS-10521" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:51:04.137850Z", - "moduleName": "rendr-handlebars", - "packageManager": "npm", - "packageName": "rendr-handlebars", - "patches": [], - "publicationTime": "2017-05-30T09:56:37.274000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/rendrjs/rendr-handlebars/commit/f1ee88e36318175b401b743ed00379e8bc63ea8c" - }, - { - "title": "GitHub PR", - "url": "https://github.com/rendrjs/rendr-handlebars/pull/48" - }, - { - "title": "GitHub PR", - "url": "https://github.com/rendrjs/rendr/pull/382" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "reveal.js": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-01-31T14:24:59.403460Z", - "credit": [ - "Unknown" - ], - "cvssScore": 9.8, - "disclosureTime": "2020-01-31T15:03:16Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "3.9.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-REVEALJS-543841", - "identifiers": { - "CVE": [ - "CVE-2020-8127" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": 
"2020-06-12T14:37:00.903599Z", - "moduleName": "reveal.js", - "packageManager": "npm", - "packageName": "reveal.js", - "patches": [], - "publicationTime": "2020-01-31T15:03:14Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/hakimel/reveal.js/commit/b6cc6b4916d594ac9f5aeed34d4c4c93dafc1a12" - }, - { - "title": "GitHub Release", - "url": "https://github.com/hakimel/reveal.js/releases/tag/3.9.2" - }, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/691977" - } - ], - "semver": { - "vulnerable": [ - "<3.9.2" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-02-26T11:38:08.114132Z", - "credit": [ - "albert-ziegler" - ], - "cvssScore": 5.9, - "disclosureTime": "2019-01-30T16:42:12Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-REVEALJS-173730", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-331" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:05.266961Z", - "moduleName": "reveal.js", - "packageManager": "npm", - "packageName": "reveal.js", - "patches": [], - "publicationTime": "2019-02-26T16:42:12Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/hakimel/reveal.js/commit/27b70ed0bab93aa05dfb62717042ce22c9a027be" - }, - { - "title": "GitHub PR", - "url": "https://github.com/hakimel/reveal.js/pull/2312" - } - ], - "semver": { - "vulnerable": [ - "<4.0.0" - ] - }, - "severity": "medium", - "title": "Insecure Randomness" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-REVEALJS-10420" - ], - "creationTime": "2017-03-06T15:53:02.678000Z", - "credit": [ - "Hakim El Hattab" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-10-23T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.6.0" - ], - 
"functions": [], - "functions_new": [], - "id": "npm:reveal.js:20131024", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-REVEALJS-10420" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:58.137735Z", - "moduleName": "reveal.js", - "packageManager": "npm", - "packageName": "reveal.js", - "patches": [], - "publicationTime": "2017-03-13T08:00:22.654000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/hakimel/reveal.js/commit/f1f28f61e608b70f437860e82555e3e4a9abd4b9" - } - ], - "semver": { - "vulnerable": [ - "<2.6.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "rgb2hex": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-RGB2HEX-12130" - ], - "creationTime": "2018-02-25T16:43:31.853000Z", - "credit": [ - "ChALkeR" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-04-29T16:43:31Z", - "exploit": "Functional", - "fixedIn": [ - "0.1.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:rgb2hex:20180429", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RGB2HEX-12130" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-65p8-3hm4-h9h8" - ], - "NSP": [ - 647 - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:13:59.904700Z", - "moduleName": "rgb2hex", - "packageManager": "npm", - "packageName": "rgb2hex", - "patches": [], - "publicationTime": "2018-04-30T13:07:31Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/319629" - } - ], - "semver": { - "vulnerable": [ - "<0.1.6" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "riot": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-RIOT-10447" - ], - "creationTime": "2017-03-20T14:44:23.092000Z", - "credit": [ - "crazy2be" - ], - "cvssScore": 6.5, - 
"disclosureTime": "2013-11-13T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.9.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:riot:20131114", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-RIOT-10447" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:05.080234Z", - "moduleName": "riot", - "packageManager": "npm", - "packageName": "riot", - "patches": [], - "publicationTime": "2017-05-08T12:34:46.386000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/riot/riot/commit/759fc7fac07cc700302ac47c2c9dd80daa55d567" - }, - { - "title": "GitHub PR", - "url": "https://github.com/riot/riot/pull/46" - } - ], - "semver": { - "vulnerable": [ - "<0.9.6" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "rrule": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2018-10-15T08:22:06.527081Z", - "credit": [ - "Fredrik-Oberg" - ], - "cvssScore": 7.5, - "disclosureTime": "2018-10-04T09:45:36Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.6.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "src/iter.ts", - "functionName": "iter" - }, - "version": [ - "<2.6.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "src/iter.ts", - "functionName": "iter" - }, - "version": [ - "<2.6.0" - ] - } - ], - "id": "SNYK-JS-RRULE-72455", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.223564Z", - "moduleName": "rrule", - "packageManager": "npm", - "packageName": "rrule", - "patches": [], - "publicationTime": "2018-10-15T09:45:36Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jakubroztocil/rrule/commit/a906fdd973f09c078bae2da8b9b38d3de4230cca" - }, - { - "title": "GitHub Issue", - "url": 
"https://github.com/jakubroztocil/rrule/issues/287" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jakubroztocil/rrule/pull/288" - } - ], - "semver": { - "vulnerable": [ - "<2.6.0" - ] - }, - "severity": "high", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", - "alternativeIds": [], - "creationTime": "2018-10-04T08:37:13.444276Z", - "credit": [ - "David Golightly" - ], - "cvssScore": 4.3, - "disclosureTime": "2018-09-30T08:27:16Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.5.6" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-RRULE-72421", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:56.302810Z", - "moduleName": "rrule", - "packageManager": "npm", - "packageName": "rrule", - "patches": [], - "publicationTime": "2018-10-09T08:27:16Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/jakubroztocil/rrule/commit/eab930c35b74f79ad0dd6e7474a847d5179ff169" - }, - { - "title": "GitHub PR", - "url": "https://github.com/jakubroztocil/rrule/pull/282" - }, - { - "title": "GitHub Release", - "url": "https://github.com/jakubroztocil/rrule/releases/tag/v2.5.6" - } - ], - "semver": { - "vulnerable": [ - "<2.5.6" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - } - ], - "sanitize-html": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", - "alternativeIds": [], - "creationTime": "2020-07-17T15:02:43.082824Z", - "credit": [ - "mikesamuel" - ], - "cvssScore": 9.4, - "disclosureTime": "2020-09-07T09:46:18Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0-beta" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SANITIZEHTML-585892", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2020-09-07T15:37:06.961614Z", - "moduleName": "sanitize-html", - "packageManager": "npm", - 
"packageName": "sanitize-html", - "patches": [], - "publicationTime": "2020-09-07T09:46:10Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/apostrophecms/sanitize-html/pull/156" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0-beta" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SANITIZEHTML-10468" - ], - "creationTime": "2017-04-16T07:20:02.755000Z", - "credit": [ - "Jim O'Brien" - ], - "cvssScore": 5.4, - "disclosureTime": "2014-07-17T17:20:02.755000Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:sanitize-html:20140717", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SANITIZEHTML-10468" - ], - "CVE": [ - "CVE-2017-16017" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 155 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:08.852964Z", - "moduleName": "sanitize-html", - "packageManager": "npm", - "packageName": "sanitize-html", - "patches": [], - "publicationTime": "2017-04-16T07:20:02.755000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/punkave/sanitize-html/blob/master/README.md%23changelog" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/punkave/sanitize-html/issues/19" - }, - { - "title": "GitHub PR", - "url": "https://github.com/punkave/sanitize-html/pull/20" - } - ], - "semver": { - "vulnerable": [ - "<1.2.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-SANITIZEHTML-10461" - ], - "creationTime": "2017-04-12T10:49:58.283000Z", - "credit": [ - "Andrew Krasichkov" - ], - "cvssScore": 5.4, - "disclosureTime": "2016-03-26T23:49:58.283000Z", - "exploit": "Functional", - "fixedIn": [ - "1.11.4" - ], - "functions": [], - 
"functions_new": [], - "id": "npm:sanitize-html:20161026", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SANITIZEHTML-10461" - ], - "CVE": [ - "CVE-2017-16016" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 154 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:07.352424Z", - "moduleName": "sanitize-html", - "packageManager": "npm", - "packageName": "sanitize-html", - "patches": [], - "publicationTime": "2017-04-12T11:00:58.283000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/punkave/sanitize-html/issues/100" - } - ], - "semver": { - "vulnerable": [ - "<1.11.4" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SANITIZEHTML-10127" - ], - "creationTime": "2016-08-02T08:28:08.097000Z", - "credit": [ - "Björn Kimminich" - ], - "cvssScore": 4.7, - "disclosureTime": "2016-08-01T18:02:31Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:sanitize-html:20160801", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SANITIZEHTML-10127" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 135 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.402417Z", - "moduleName": "sanitize-html", - "packageManager": "npm", - "packageName": "sanitize-html", - "patches": [], - "publicationTime": "2016-08-01T18:02:31Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/punkave/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/punkave/sanitize-html/issues/29" - } - ], - "semver": { - "vulnerable": [ - "<=1.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-SANITIZEHTML-10048" - ], - "creationTime": "2015-11-06T02:09:36.180000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 4.3, - "disclosureTime": "2015-11-06T02:09:36Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.4.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:sanitize-html:20141024", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SANITIZEHTML-10048" - ], - "CVE": [ - "CVE-2016-1000237" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-04-16T09:38:43.588321Z", - "moduleName": "sanitize-html", - "packageManager": "npm", - "packageName": "sanitize-html", - "patches": [], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "CVE", - "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/punkave/sanitize-html/issues/29" - }, - { - "title": "Node Security Advisories", - "url": "https://nodesecurity.io/advisories/135" - } - ], - "semver": { - "vulnerable": [ - "<1.4.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "secure-compare": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-SECURECOMPARE-10060" - ], - "creationTime": "2015-11-06T02:09:36.186000Z", - "credit": [ - "Joshua Dague" - ], - "cvssScore": 5.3, - "disclosureTime": "2015-10-24T21:00:53Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:secure-compare:20151024", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SECURECOMPARE-10060" - ], - "CVE": [ - "CVE-2015-9238" - ], - "CWE": [ - "CWE-697" - ], - "GHSA": [ - "GHSA-h9x2-5rm7-x4gm" - ], - "NSP": [ - 50 - ] - }, - "language": "js", - "modificationTime": "2019-11-01T13:34:01.649700Z", - "moduleName": "secure-compare", - 
"packageManager": "npm", - "packageName": "secure-compare", - "patches": [ - { - "comments": [ - "https://github.com/vdemedes/secure-compare/commit/b768f45003dad04743c91747e35df1b0a4c4c897.patch" - ], - "id": "patch:npm:secure-compare:20151024:0", - "modificationTime": "2019-12-03T11:40:45.769814Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/secure-compare/20151024/secure-compare_20151024_0_0_b768f45003dad04743c91747e35df1b0a4c4c897.patch" - ], - "version": "=3.0.0" - } - ], - "publicationTime": "2015-11-06T02:09:36Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/vdemedes/secure-compare/pull/1" - } - ], - "semver": { - "vulnerable": [ - "<3.0.1" - ] - }, - "severity": "medium", - "title": "Insecure Comparison" - } - ], - "select2": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-08-04T12:19:40.371424Z", - "credit": [ - "Je1te" - ], - "cvssScore": 6.1, - "disclosureTime": "2016-09-15T16:00:30Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.0.8" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SELECT2-456562", - "identifiers": { - "CVE": [ - "CVE-2016-10744" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.402815Z", - "moduleName": "select2", - "packageManager": "npm", - "packageName": "select2", - "patches": [], - "publicationTime": "2019-08-04T12:20:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/select2/docs/commit/1c394a421b76f26b8923a9634437b99fb6bffec3" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/select2/docs/commit/1f79acbe5ffa651dfdbed70d6c955c2ee4447cfa" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/select2/select2/issues/4587" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/select2/select2/issues/5448" - } - ], - "semver": { - "vulnerable": [ - "<4.0.8" - ] - }, - "severity": "medium", - 
"title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SELECT2-10421" - ], - "creationTime": "2017-03-01T09:33:43.698000Z", - "credit": [ - "Jelte Fennema" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-01-07T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.3.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:select2:20130108", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SELECT2-10421" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:56.826375Z", - "moduleName": "select2", - "packageManager": "npm", - "packageName": "select2", - "patches": [], - "publicationTime": "2017-03-13T08:00:22.725000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/select2/select2/commit/353672832dc8d0e4abed7ec14db6d82c83e17045" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/select2/select2/commit/fcea1523fddbf678dc482c00b7df5997527f8d33" - }, - { - "title": "GitHub Comparison", - "url": "https://github.com/select2/select2/compare/5f2828098e6e98f33efe6db39555c4708e5a7240...fcea1523fddbf678dc482c00b7df5997527f8d33" - }, - { - "title": "GitHub PR", - "url": "https://github.com/select2/select2/pull/691" - }, - { - "title": "GitHub PR", - "url": "https://github.com/select2/select2/pull/703" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.0 <3.3.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "semantic-ui": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-05-14T16:32:12.141866Z", - "credit": [ - "akila1996" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-01-08T22:22:16Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SEMANTICUI-174699", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 
885, - 760 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:43.393154Z", - "moduleName": "semantic-ui", - "packageManager": "npm", - "packageName": "semantic-ui", - "patches": [], - "publicationTime": "2019-05-14T17:34:32Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/Semantic-Org/Semantic-UI/issues/4498" - }, - { - "title": "GitHub PR", - "url": "https://github.com/fomantic/Fomantic-UI/pull/298" - }, - { - "title": "GitHub Release", - "url": "https://github.com/fomantic/Fomantic-UI/releases/tag/2.7.0" - }, - { - "title": "NPM Security Advisory", - "url": "https://www.npmjs.com/advisories/760" - } - ], - "semver": { - "vulnerable": [ - "<=2.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SEMANTICUI-10661" - ], - "creationTime": "2017-03-01T13:39:33.968000Z", - "credit": [ - "Scott Jackson" - ], - "cvssScore": 5.4, - "disclosureTime": "2017-01-29T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.8" - ], - "functions": [], - "functions_new": [], - "id": "npm:semantic-ui:20170130", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SEMANTICUI-10661" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:16.651726Z", - "moduleName": "semantic-ui", - "packageManager": "npm", - "packageName": "semantic-ui", - "patches": [], - "publicationTime": "2017-06-21T14:07:50.699000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/Semantic-Org/Semantic-UI/issues/4962" - } - ], - "semver": { - "vulnerable": [ - "<2.2.8" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SEMANTICUI-10660" - ], - "creationTime": "2017-03-01T13:36:04.208000Z", - "credit": [ - "Denis Rechkunov" - ], - 
"cvssScore": 5.4, - "disclosureTime": "2014-08-23T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:semantic-ui:20140824", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SEMANTICUI-10660" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:17.400375Z", - "moduleName": "semantic-ui", - "packageManager": "npm", - "packageName": "semantic-ui", - "patches": [], - "publicationTime": "2017-06-21T14:07:50.625000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/Semantic-Org/Semantic-UI/commit/259fd6f0dbf07e3b67fcd190fa575980c0998ec8" - }, - { - "title": "GitHub PR", - "url": "https://github.com/Semantic-Org/Semantic-UI/pull/1033" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "serialize-to-js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", - "alternativeIds": [], - "creationTime": "2019-12-08T14:37:34.550063Z", - "credit": [ - "Unknown" - ], - "cvssScore": 8.1, - "disclosureTime": "2019-12-01T20:30:14Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SERIALIZETOJS-536958", - "identifiers": { - "CVE": [ - "CVE-2019-16769", - "CVE-2019-16772" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-h9rv-jmmf-4pgx", - "GHSA-3fjq-93xj-3f3f" - ], - "NSP": [ - 1426, - 1429 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.143567Z", - "moduleName": "serialize-to-js", - "packageManager": "npm", - "packageName": "serialize-to-js", - "patches": [], - "publicationTime": "2019-12-05T20:30:14Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/commenthol/serialize-to-js/commit/181d7d583ae5293cd47cc99b14ad13352875f3e3" - }, - { - "title": "GitHub Commit", - "url": 
"https://github.com/yahoo/serialize-javascript/commit/16a68ab53d9626fc7c942b48a1163108fcd184c8" - } - ], - "semver": { - "vulnerable": [ - "<3.0.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:O", - "alternativeIds": [], - "creationTime": "2019-08-22T12:06:41.644260Z", - "credit": [ - "Dor Tumarkin" - ], - "cvssScore": 5.9, - "disclosureTime": "2019-03-28T21:15:07Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SERIALIZETOJS-460149", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 790 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:00.947330Z", - "moduleName": "serialize-to-js", - "packageManager": "npm", - "packageName": "serialize-to-js", - "patches": [], - "publicationTime": "2019-08-22T12:27:50Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/commenthol/serialize-to-js/pull/8/commits/ef723b5b2924b9a2369b3b12f2417f256660ae49" - }, - { - "title": "GitHub PR", - "url": "https://github.com/commenthol/serialize-to-js/pull/8" - }, - { - "title": "NPM Advisory", - "url": "https://www.npmjs.com/advisories/790" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "medium", - "title": "Denial of Service (DoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-SERIALIZETOJS-10401" - ], - "creationTime": "2017-02-12T19:01:20Z", - "credit": [ - "Ajin Abraham" - ], - "cvssScore": 9.8, - "disclosureTime": "2017-02-08T19:01:20Z", - "exploit": "High", - "fixedIn": [ - "1.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:serialize-to-js:20170208", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SERIALIZETOJS-10401" - ], - "CVE": [ - "CVE-2017-5954" - ], - "CWE": [ - "CWE-502" - ], - "NSP": [ - 313 - ] - }, - "language": "js", - 
"modificationTime": "2019-12-02T14:38:57.371598Z", - "moduleName": "serialize-to-js", - "packageManager": "npm", - "packageName": "serialize-to-js", - "patches": [], - "publicationTime": "2017-02-13T19:01:20Z", - "references": [ - { - "title": "Disclaimer by Package Owner", - "url": "https://www.npmjs.com/package/serialize-to-js%23deserialize" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/commenthol/serialize-to-js/commit/1cd433960e5b9db4c0b537afb28366198a319429" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/commenthol/serialize-to-js/issues/1" - }, - { - "title": "Opsecx Blog", - "url": "https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/" - } - ], - "semver": { - "vulnerable": [ - "<1.0.0" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - } - ], - "shaka-player": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-SHAKAPLAYER-10914" - ], - "creationTime": "2018-02-22T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-21T16:19:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.3.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:shaka-player:20180222", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SHAKAPLAYER-10914" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.775534Z", - "moduleName": "shaka-player", - "packageManager": "npm", - "packageName": "shaka-player", - "patches": [], - "publicationTime": "2018-02-22T15:42:02Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/google/shaka-player/commit/0a2190246ced4935fc47cb624b88e1d030741a61" - } - ], - "semver": { - "vulnerable": [ - "<2.3.3" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "shell-quote": [ - { - "CVSSv3": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [ - "SNYK-JS-SHELLQUOTE-10106" - ], - "creationTime": "2016-06-21T18:00:10.120000Z", - "credit": [ - "Koki Takahashi", - "Node Security Team" - ], - "cvssScore": 8.4, - "disclosureTime": "2016-06-21T17:40:40Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:shell-quote:20160621", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SHELLQUOTE-10106" - ], - "CVE": [ - "CVE-2016-10541" - ], - "CWE": [ - "CWE-78" - ], - "NSP": [ - 117 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:42.716094Z", - "moduleName": "shell-quote", - "packageManager": "npm", - "packageName": "shell-quote", - "patches": [ - { - "comments": [], - "id": "patch:npm:shell-quote:20160621:0", - "modificationTime": "2019-12-03T11:40:45.836174Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/shell-quote/20160621/shell-quote_20160621_0_0.patch" - ], - "version": "<=1.6.0 >1.4.2" - } - ], - "publicationTime": "2016-06-21T17:40:40Z", - "references": [ - { - "title": "GitHub Comparison", - "url": "https://github.com/substack/node-shell-quote/compare/1.6.0...1.6.1" - } - ], - "semver": { - "vulnerable": [ - "<1.6.1" - ] - }, - "severity": "high", - "title": "Command Injection" - } - ], - "showdown-xss-filter": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SHOWDOWNXSSFILTER-10863" - ], - "creationTime": "2017-03-27T12:24:52.151000Z", - "credit": [ - "markgeraty" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-06-01T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.1.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:showdown-xss-filter:20150602", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SHOWDOWNXSSFILTER-10863" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:09:52.440215Z", - "moduleName": 
"showdown-xss-filter", - "packageManager": "npm", - "packageName": "showdown-xss-filter", - "patches": [], - "publicationTime": "2018-01-19T09:35:48.439000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/VisionistInc/showdown-xss-filter/commit/154d5cc15f22ba2687392488849f0f95860c66d3" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/VisionistInc/showdown-xss-filter/issues/4" - } - ], - "semver": { - "vulnerable": [ - "<0.1.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "simditor": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-05-13T14:43:50.507577Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-11-09T14:23:57Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.22" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SIMDITOR-174638", - "identifiers": { - "CVE": [ - "CVE-2018-19048" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 884 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:02.564189Z", - "moduleName": "simditor", - "packageManager": "npm", - "packageName": "simditor", - "patches": [], - "publicationTime": "2019-05-13T14:45:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/mycolorway/simditor/commit/ef01a643cbb7f8163535d6bfb71135f80ec6a6fd" - }, - { - "title": "GitHub Release", - "url": "https://github.com/mycolorway/simditor/releases/tag/v2.3.22" - }, - { - "title": "NPM Advisory", - "url": "https://www.npmjs.com/advisories/884" - } - ], - "semver": { - "vulnerable": [ - "<2.3.22" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SIMDITOR-11020" - ], - "creationTime": "2018-02-27T11:44:58.623000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.1, - "disclosureTime": 
"2018-01-30T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.22" - ], - "functions": [], - "functions_new": [], - "id": "npm:simditor:20180131", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SIMDITOR-11020" - ], - "CVE": [ - "CVE-2018-6464" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:44.342219Z", - "moduleName": "simditor", - "packageManager": "npm", - "packageName": "simditor", - "patches": [], - "publicationTime": "2018-03-01T15:59:48Z", - "references": [ - { - "title": "Advisory", - "url": "https://github.com/Heartway/simditor/blob/master/simditor.docx" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/mycolorway/simditor/commit/ef01a643cbb7f8163535d6bfb71135f80ec6a6fd" - }, - { - "title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6464" - } - ], - "semver": { - "vulnerable": [ - "<2.3.22" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "simpl-schema": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-SIMPLSCHEMA-11084" - ], - "creationTime": "2018-04-15T15:16:32.900000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-04-15T15:16:32.900000Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.5.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:simpl-schema:20180219", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SIMPLSCHEMA-11084" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.708477Z", - "moduleName": "simpl-schema", - "packageManager": "npm", - "packageName": "simpl-schema", - "patches": [], - "publicationTime": "2018-04-15T15:16:32.900000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/aldeed/simple-schema-js/commit/30c43688a38e49e17959d16e7b07131b502a7d1f" - } - ], - "semver": { - "vulnerable": [ - 
"<1.5.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "simplemde": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2018-11-08T09:40:22.504411Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-11-07T09:39:45Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SIMPLEMDE-72570", - "identifiers": { - "CVE": [ - "CVE-2018-19057" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:40.112656Z", - "moduleName": "simplemde", - "packageManager": "npm", - "packageName": "simplemde", - "patches": [], - "publicationTime": "2018-11-08T17:28:36.424508Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/sparksuite/simplemde-markdown-editor/issues/721" - } - ], - "semver": { - "vulnerable": [ - "<=1.11.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "slug": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-SLUG-10784" - ], - "creationTime": "2017-09-26T05:48:40.307000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-09-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.9.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:slug:20170907", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SLUG-10784" - ], - "CVE": [ - "CVE-2017-16117" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 537 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:39.675608Z", - "moduleName": "slug", - "packageManager": "npm", - "packageName": "slug", - "patches": [], - "publicationTime": "2017-09-26T05:48:40Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zhuangya/node-slug/commit/e82fccc6b3d850227560db659b17df0e242ae51b" - }, - { - 
"title": "GitHub Issue", - "url": "https://github.com/dodo/node-slug/issues/82" - }, - { - "title": "GitHub PR", - "url": "https://github.com/dodo/node-slug/pull/83" - } - ], - "semver": { - "vulnerable": [ - "<0.9.2" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "slugify": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-SLUGIFY-11130" - ], - "creationTime": "2018-08-05T21:00:00Z", - "credit": [ - "David Halls" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-08-05T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:slugify:20180805", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SLUGIFY-11130" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:39.484635Z", - "moduleName": "slugify", - "packageManager": "npm", - "packageName": "slugify", - "patches": [], - "publicationTime": "2018-08-05T21:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/simov/slugify/commit/e8f8a694c0839c77e53e336616b1e6e3b1c7feab" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/simov/slugify/issues/37" - } - ], - "semver": { - "vulnerable": [ - "<1.3.1" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "socket.io": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SOCKETIO-10398" - ], - "creationTime": "2017-02-01T13:28:52.754000Z", - "credit": [ - "Almog Melamed" - ], - "cvssScore": 5.4, - "disclosureTime": "2012-04-16T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.9.6" - ], - "functions": [], - "functions_new": [], - "id": "npm:socket.io:20120417", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SOCKETIO-10398" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - 
"modificationTime": "2019-12-02T14:39:49.355893Z", - "moduleName": "socket.io", - "packageManager": "npm", - "packageName": "socket.io", - "patches": [], - "publicationTime": "2017-02-13T13:28:52.754000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/socketio/socket.io/blob/master/History.md%23096--2012-04-17" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/socketio/socket.io/commit/e98fc7bc865640e777c26dbb1040f33ff103aa78" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/socketio/socket.io/issues/925" - } - ], - "semver": { - "vulnerable": [ - "<0.9.6" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-SOCKETIO-10397" - ], - "creationTime": "2017-02-01T13:46:59.513000Z", - "credit": [ - "Martin Thomson" - ], - "cvssScore": 5.3, - "disclosureTime": "2012-03-22T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.9.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:socket.io:20120323", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SOCKETIO-10397" - ], - "CVE": [ - "CVE-2017-16031" - ], - "CWE": [ - "CWE-330" - ], - "NSP": [ - 321 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:50.099694Z", - "moduleName": "socket.io", - "packageManager": "npm", - "packageName": "socket.io", - "patches": [], - "publicationTime": "2017-02-13T13:46:59.513000Z", - "references": [ - { - "title": "GitHub Changelog", - "url": "https://github.com/socketio/socket.io/blob/master/History.md%23097--2012-07-24" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/socketio/socket.io/issues/856" - }, - { - "title": "GitHub PR", - "url": "https://github.com/socketio/socket.io/pull/857" - }, - { - "title": "Google Group 
Forum", - "url": "https://groups.google.com/forum/%23%21topic/socket_io/Peq-R_BTSx0/discussion" - } - ], - "semver": { - "vulnerable": [ - "<0.9.7" - ] - }, - "severity": "medium", - "title": "Insecure Randomness" - } - ], - "squel": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [ - "SNYK-JS-SQUEL-12135" - ], - "creationTime": "2018-04-09T16:14:27.623000Z", - "credit": [ - "Sean Lynch" - ], - "cvssScore": 6.3, - "disclosureTime": "2018-03-22T04:52:43Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:squel:20180322", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SQUEL-12135" - ], - "CVE": [], - "CWE": [ - "CWE-89" - ], - "GHSA": [ - "GHSA-4qhx-g9wp-g9m6" - ], - "NSP": [ - 575 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:42.218527Z", - "moduleName": "squel", - "packageManager": "npm", - "packageName": "squel", - "patches": [], - "publicationTime": "2018-05-09T16:11:26Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/hiddentao/squel/issues/350" - } - ], - "semver": { - "vulnerable": [ - "<=5.13.0" - ] - }, - "severity": "medium", - "title": "SQL Injection" - } - ], - "squire-rte": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SQUIRERTE-10422" - ], - "creationTime": "2017-03-06T16:08:15.131000Z", - "credit": [ - "Neil Jenkins" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-06-05T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.6.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:squire-rte:20160606", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SQUIRERTE-10422" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:48:20.874818Z", - "moduleName": "squire-rte", - "packageManager": "npm", - "packageName": "squire-rte", - "patches": [], - "publicationTime": "2017-03-13T08:00:22.796000Z", - 
"references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/neilj/Squire/commit/bd4d377cf0c836f81ecf30b76bbdf7fc454bb0be" - } - ], - "semver": { - "vulnerable": [ - "<1.6.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "string": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:U/RC:C", - "alternativeIds": [ - "SNYK-JS-STRING-10785" - ], - "creationTime": "2017-09-26T05:48:40.307000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-09-07T21:00:00Z", - "exploit": "High", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:string:20170907", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-STRING-10785" - ], - "CVE": [ - "CVE-2017-16116" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 536 - ] - }, - "language": "js", - "modificationTime": "2018-11-22T10:10:10.842859Z", - "moduleName": "string", - "packageManager": "npm", - "packageName": "string", - "patches": [], - "publicationTime": "2017-09-26T05:48:40.307000Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/jprichardson/string.js/issues/212" - } - ], - "semver": { - "vulnerable": [ - "<=3.3.3" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "superagent": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-SUPERAGENT-12185" - ], - "creationTime": "2018-11-08T19:42:02Z", - "credit": [ - "pszabop" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-11-08T19:42:02Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.8.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:superagent:20181108", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SUPERAGENT-12185" - ], - "CVE": [], - "CWE": [ - "CWE-200" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.893456Z", - "moduleName": "superagent", - "packageManager": "npm", - 
"packageName": "superagent", - "patches": [], - "publicationTime": "2018-07-31T13:43:37Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/visionmedia/superagent/commit/087edaf15cac51f69ae6346c431f40627aff0ff4" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/visionmedia/superagent/issues/1309" - } - ], - "semver": { - "vulnerable": [ - "<3.8.1" - ] - }, - "severity": "medium", - "title": "Information Exposure" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-SUPERAGENT-10789" - ], - "creationTime": "2017-09-27T11:38:25.465000Z", - "credit": [ - "Dennis Appelt" - ], - "cvssScore": 3.7, - "disclosureTime": "2017-08-06T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.7.0" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/node/index.js", - "functionName": "Request.prototype.end" - }, - "version": [ - "<3.4.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/node/index.js", - "functionName": "Request.prototype._end" - }, - "version": [ - ">=3.4.0 <3.7.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/node/index.js", - "functionName": "Request.prototype.end" - }, - "version": [ - "<3.4.0" - ] - }, - { - "functionId": { - "filePath": "lib/node/index.js", - "functionName": "Request.prototype._end" - }, - "version": [ - ">=3.4.0 <3.7.0" - ] - } - ], - "id": "npm:superagent:20170807", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SUPERAGENT-10789" - ], - "CVE": [ - "CVE-2017-16129" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 479 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:53.888095Z", - "moduleName": "superagent", - "packageManager": "npm", - "packageName": "superagent", - "patches": [], - "publicationTime": "2017-09-27T11:38:25Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/visionmedia/superagent/issues/1259" - } - ], 
- "semver": { - "vulnerable": [ - "<3.7.0" - ] - }, - "severity": "low", - "title": "Denial of Service (DoS)" - } - ], - "swagger-ui": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/RL:O", - "alternativeIds": [], - "creationTime": "2020-06-11T14:30:10.957189Z", - "credit": [ - "Unknown" - ], - "cvssScore": 4.6, - "disclosureTime": "2020-06-11T14:27:11Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.26.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-572012", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-453" - ] - }, - "language": "js", - "modificationTime": "2020-07-01T15:32:35.532108Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2020-07-01T07:15:46Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/commit/a616cb471d31f04a28d185aeb1bcb83637afc3cf" - } - ], - "semver": { - "vulnerable": [ - "<3.26.1" - ] - }, - "severity": "medium", - "title": "Insecure Defaults" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-10-11T14:29:32.995363Z", - "credit": [ - "crazykid95" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-10-10T22:15:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.23.11" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-472935", - "identifiers": { - "CVE": [ - "CVE-2019-17495" - ], - "CWE": [ - "CWE-94" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.389243Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2019-10-11T13:21:30Z", - "references": [ - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/5616" - }, - { - "title": "GitHub Release", - "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11" - }, - { - "title": "POC 
by crazykid95", - "url": "https://github.com/tarantula-team/CSS-injection-in-Swagger-UI" - } - ], - "semver": { - "vulnerable": [ - "<3.23.11" - ] - }, - "severity": "medium", - "title": "Relative Path Overwrite (RPO)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-06-16T17:01:13.075648Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.1, - "disclosureTime": "2014-08-24T17:00:44Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.24" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-449942", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:01.116978Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2019-06-16T16:59:25Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/pull/541/commits/5da60bfa626ef6acc929f4460afd7258f9e968b8" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/541" - } - ], - "semver": { - "vulnerable": [ - ">=2.0.3 <2.0.24" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-06-16T16:22:08.684477Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2016-06-01T22:55:45Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.13" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-449941", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 985 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.416277Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2019-06-16T16:17:54Z", - "references": [ - { - "title": "GitHub Issue", 
- "url": "https://github.com/swagger-api/swagger-ui/issues/3163" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/3165" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.0.13" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-06-16T16:08:05.723898Z", - "credit": [ - "Unknown", - "Scott Davis" - ], - "cvssScore": 6.5, - "disclosureTime": "2015-09-22T16:03:49Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.1" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-449940", - "identifiers": { - "CVE": [ - "CVE-2016-1000226", - "CVE-2016-1000233", - "CVE-2016-5682" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-g336-c7wv-8hp3" - ], - "NSP": [ - 988, - 987, - 986 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:56.373858Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2019-06-16T16:02:38Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1154" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1617" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1863" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1864" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1865" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1866" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/830" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/1867" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/swagger-api/swagger-ui/pull/2334" - }, - { - "title": "GitHub Release", - "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v2.2.1" - } - ], - "semver": { - "vulnerable": [ - "<2.2.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [], - "creationTime": "2019-06-14T18:06:52.670644Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2019-02-23T18:03:41Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.20.9" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-449921", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 976 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:55.882334Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2019-06-14T18:03:32Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/5190" - } - ], - "semver": { - "vulnerable": [ - "<3.20.9" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [], - "creationTime": "2019-06-13T09:34:29.660632Z", - "credit": [ - "Unknown" - ], - "cvssScore": 4.3, - "disclosureTime": "2018-08-04T09:33:38Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.18.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-SWAGGERUI-449808", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-1022" - ], - "GHSA": [ - "GHSA-x9p2-fxq6-2m5f" - ], - "NSP": [ - 975 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.397472Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": 
"swagger-ui", - "patches": [], - "publicationTime": "2019-06-13T09:07:39Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/pull/4789/commits/3f4cae3334fdd492a373f4453bd03a9ebd87becf" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/4789" - }, - { - "title": "GitHub Release", - "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v3.18.0" - } - ], - "semver": { - "vulnerable": [ - "<3.18.0" - ] - }, - "severity": "medium", - "title": "Reverse Tabnabbing" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SWAGGERUI-12034" - ], - "creationTime": "2017-12-19T11:50:39.144000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-10-30T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.4.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:swagger-ui:20171031", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SWAGGERUI-12034" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.245666Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2017-12-25T14:45:02Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/commit/afa615e01dc7f6724d20a11abfe1fcdf8f6ecd57" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/3847" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/3848" - } - ], - "semver": { - "vulnerable": [ - "<3.4.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-SWAGGERUI-10423" - ], - "creationTime": "2017-03-01T11:21:34.018000Z", - "credit": [ - "bodnia" - ], - "cvssScore": 
6.1, - "disclosureTime": "2016-08-31T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:swagger-ui:20160901", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SWAGGERUI-10423" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-06-13T10:15:40.438653Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2017-03-13T08:00:22Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/commit/f87eaaa81073a61e30ff0cedee4fd9cd2dd1fca9" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/2374" - } - ], - "semver": { - "vulnerable": [ - "<2.2.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-SWAGGERUI-10129" - ], - "creationTime": "2016-08-15T06:54:38.003000Z", - "credit": [ - "mehmetaydogdu" - ], - "cvssScore": 9.1, - "disclosureTime": "2016-08-15T00:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.1.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:swagger-ui:20160815", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SWAGGERUI-10129" - ], - "CVE": [], - "CWE": [ - "CWE-80" - ], - "NSP": [ - 137 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:30.653769Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2016-08-15T00:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/swagger-api/swagger-ui/commit/162cd536a1d4bcf883af6129806c1f6387c3e690" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1262" - }, - { - "title": "GitHub PR", - "url": 
"https://github.com/swagger-api/swagger-ui/pull/1325" - } - ], - "semver": { - "vulnerable": [ - "<2.1.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-SWAGGERUI-10122" - ], - "creationTime": "2016-07-25T22:53:17.243000Z", - "credit": [ - "Joe Vennix" - ], - "cvssScore": 7.3, - "disclosureTime": "2016-07-25T16:25:23Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:swagger-ui:20160725", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SWAGGERUI-10122" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 131 - ] - }, - "language": "js", - "modificationTime": "2019-06-13T10:17:11.719826Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2016-07-25T16:25:23Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1863" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/1869" - } - ], - "semver": { - "vulnerable": [ - "<2.2.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-SWAGGERUI-10117" - ], - "creationTime": "2016-07-25T22:53:17.243000Z", - "credit": [ - "Joe Vennix" - ], - "cvssScore": 9.1, - "disclosureTime": "2016-07-21T20:38:25Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:swagger-ui:20160721", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SWAGGERUI-10117" - ], - "CVE": [ - "CVE-2016-1000229" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 126 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:42.604785Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": 
"swagger-ui", - "patches": [], - "publicationTime": "2016-07-21T20:38:25Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1865" - }, - { - "title": "GitHub Release", - "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v2.2.1" - }, - { - "title": "Rapid 7 Blog Post", - "url": "https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui" - } - ], - "semver": { - "vulnerable": [ - "<2.2.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", - "alternativeIds": [ - "SNYK-JS-SWAGGERUI-10114" - ], - "creationTime": "2016-07-20T20:00:03.160000Z", - "credit": [ - "Joe Vennix" - ], - "cvssScore": 9.1, - "disclosureTime": "2016-07-20T19:01:30Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.2.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:swagger-ui:20160720", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-SWAGGERUI-10114" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 123 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:42.712692Z", - "moduleName": "swagger-ui", - "packageManager": "npm", - "packageName": "swagger-ui", - "patches": [], - "publicationTime": "2016-07-20T19:01:30Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/swagger-api/swagger-ui/issues/1866" - }, - { - "title": "GitHub PR", - "url": "https://github.com/swagger-api/swagger-ui/pull/1867" - }, - { - "title": "GitHub Release", - "url": "https://github.com/swagger-api/swagger-ui/releases/tag/v2.2.1" - } - ], - "semver": { - "vulnerable": [ - "<2.2.1" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "textangular": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-TEXTANGULAR-10402" - ], - "creationTime": 
"2017-01-25T13:28:01.461000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.4, - "disclosureTime": "2013-12-26T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.2.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:textangular:20131227", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TEXTANGULAR-10402" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:51.598998Z", - "moduleName": "textangular", - "packageManager": "npm", - "packageName": "textangular", - "patches": [], - "publicationTime": "2017-02-13T13:28:01.461000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/fraywing/textAngular/commit/eea6ec6c390301a673d89bc0eda1ba92c038b444" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/fraywing/textAngular/issues/62" - }, - { - "title": "GitHub PR", - "url": "https://github.com/fraywing/textAngular/pull/72" - } - ], - "semver": { - "vulnerable": [ - "<1.2.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-TEXTANGULAR-10395" - ], - "creationTime": "2017-01-25T13:21:37.595000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 4.3, - "disclosureTime": "2015-02-12T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.7" - ], - "functions": [], - "functions_new": [], - "id": "npm:textangular:20150213", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TEXTANGULAR-10395" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:48.601640Z", - "moduleName": "textangular", - "packageManager": "npm", - "packageName": "textangular", - "patches": [], - "publicationTime": "2017-02-13T13:21:37.595000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/fraywing/textAngular/commit/f5f27c26bc99dc6f8bb226d7beb99ce8bcada01a" - }, - { - "title": 
"GitHub Release", - "url": "https://github.com/fraywing/textAngular/releases/tag/v1.3.7" - } - ], - "semver": { - "vulnerable": [ - "<1.3.7" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "timespan": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-TIMESPAN-10786" - ], - "creationTime": "2017-09-26T05:48:40.307000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-09-07T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/time-span.js", - "functionName": "exports.parse" - }, - "version": [ - "*" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/time-span.js", - "functionName": "exports.test" - }, - "version": [ - "*" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/time-span.js", - "functionName": "exports.parseDate" - }, - "version": [ - ">=2.1.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/time-span.js", - "functionName": "exports.parse" - }, - "version": [ - "*" - ] - }, - { - "functionId": { - "filePath": "lib/time-span.js", - "functionName": "exports.test" - }, - "version": [ - "*" - ] - }, - { - "functionId": { - "filePath": "lib/time-span.js", - "functionName": "exports.parseDate" - }, - "version": [ - ">=2.1.0" - ] - } - ], - "id": "npm:timespan:20170907", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TIMESPAN-10786" - ], - "CVE": [ - "CVE-2017-16115" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 533 - ] - }, - "language": "js", - "modificationTime": "2019-03-07T14:29:49.070184Z", - "moduleName": "timespan", - "packageManager": "npm", - "packageName": "timespan", - "patches": [], - "publicationTime": "2017-09-26T05:48:40Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/indexzero/TimeSpan.js/issues/10" - }, - { - "title": "GitHub PR", - 
"url": "https://github.com/indexzero/TimeSpan.js/pull/11/" - } - ], - "semver": { - "vulnerable": [ - "<=2.3.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "tiny-json-http": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-TINYJSONHTTP-12093" - ], - "creationTime": "2018-03-13T01:44:28.201000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-02-14T01:44:28Z", - "exploit": "Not Defined", - "fixedIn": [ - "7.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:tiny-json-http:20180214", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TINYJSONHTTP-12093" - ], - "CVE": [ - "CVE-2018-1000096" - ], - "CWE": [ - "CWE-300" - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:39.956146Z", - "moduleName": "tiny-json-http", - "packageManager": "npm", - "packageName": "tiny-json-http", - "patches": [], - "publicationTime": "2018-03-15T13:14:46Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/brianleroux/tiny-json-http/pull/15/commits/1460a815c9a657daaf29ebdf085b935221fcf676" - }, - { - "title": "GitHub PR", - "url": "https://github.com/brianleroux/tiny-json-http/pull/15" - } - ], - "semver": { - "vulnerable": [ - "<7.0.0" - ] - }, - "severity": "medium", - "title": "Man-in-the-Middle (MitM)" - } - ], - "tinymce": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "alternativeIds": [], - "creationTime": "2020-08-12T10:32:42.440074Z", - "credit": [ - "George Steketee", - "Chris Davis" - ], - "cvssScore": 9.6, - "disclosureTime": "2020-08-11T14:55:01Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.9.11", - "5.4.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-TINYMCE-598223", - "identifiers": { - "CVE": [ - "CVE-2020-12648" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-vrv8-v4w8-f95h" - ] - }, - "language": "js", - "modificationTime": 
"2020-08-12T10:53:14.352152Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2020-08-12T10:53:14Z", - "references": [ - { - "title": "TinyMCE Release Notes", - "url": "https://www.tiny.cloud/docs/release-notes/release-notes54/%23securityfixes" - } - ], - "semver": { - "vulnerable": [ - "<4.9.11", - ">=5.0.0 <5.4.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-05-12T13:46:42.094289Z", - "credit": [ - "Michal Bentkowski" - ], - "cvssScore": 6.3, - "disclosureTime": "2020-05-12T13:14:14Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "4.9.10", - "5.2.2" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-TINYMCE-568922", - "identifiers": { - "CVE": [ - "CVE-2019-1010091" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-c78w-2gw7-gjv3" - ] - }, - "language": "js", - "modificationTime": "2020-05-12T15:14:06.604729Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2020-05-12T15:14:06Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/pull/5593/files" - }, - { - "title": "Release Notes", - "url": "https://www.tiny.cloud/docs/release-notes/release-notes522/%23securityfixes" - } - ], - "semver": { - "vulnerable": [ - "<4.9.10", - ">=5.0.0 <5.2.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", - "alternativeIds": [], - "creationTime": "2020-01-31T10:34:38.252292Z", - "credit": [ - "Michal Bentkowski" - ], - "cvssScore": 7.3, - "disclosureTime": "2020-01-30T10:35:10Z", - "exploit": "Not Defined", - "fixedIn": [ - "5.1.4", - "4.9.7" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-TINYMCE-543825", - 
"identifiers": { - "CVE": [], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-27gm-ghr9-4v95" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:54.814775Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2020-01-31T10:35:08Z", - "references": [ - { - "title": "GitHub Advisory", - "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/commit/425a859780fd7d839593c57636e9ba3473e79a12" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/commit/67e52b815cf575498cab127dbf7f1899216d819f" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/commit/b9576c8681d6f715623e6a1f403e5aca8d27cbe0" - } - ], - "semver": { - "vulnerable": [ - ">=5.0.0 <5.1.4", - "<4.9.7" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-TINYMCE-12156" - ], - "creationTime": "2018-05-22T21:09:49.725000Z", - "credit": [ - "unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-05-22T21:09:49Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.5.12", - "4.7.12" - ], - "functions": [], - "functions_new": [], - "id": "npm:tinymce:20180522", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TINYMCE-12156" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-07-02T12:49:21.897271Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2018-05-24T13:55:33Z", - "references": [ - { - "title": "Changelog", - "url": "https://www.tinymce.com/docs/changelog/%23version4712may32018" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/commit/15ff5b81c2a1e44efbc7fdba92b65d2bdcbc4c38" - } - ], - 
"semver": { - "vulnerable": [ - "<4.5.12", - ">=4.6.0 <4.7.12" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-TINYMCE-11105" - ], - "creationTime": "2018-05-24T13:49:24.240000Z", - "credit": [ - "Johan Sörlin" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-05-24T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.6.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:tinymce:20170613", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TINYMCE-11105" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:36.616123Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2018-05-24T13:49:24.240000Z", - "references": [ - { - "title": "Changelog", - "url": "https://www.tinymce.com/docs/changelog/%23version464june132017" - } - ], - "semver": { - "vulnerable": [ - "<4.6.4" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-TINYMCE-10264" - ], - "creationTime": "2016-12-29T13:49:24.240000Z", - "credit": [ - "Johan Sörlin" - ], - "cvssScore": 7.1, - "disclosureTime": "2015-06-10T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.2.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:tinymce:20150610", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TINYMCE-10264" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:40.338207Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2017-01-09T14:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/commit/9c78e4a4f9aad14f3e86094b36f163177f38c248" - } 
- ], - "semver": { - "vulnerable": [ - "<4.2.0" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-TINYMCE-10165" - ], - "creationTime": "2016-09-27T13:49:24.240000Z", - "credit": [ - "Johan Sörlin" - ], - "cvssScore": 7.1, - "disclosureTime": "2015-08-12T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "4.2.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:tinymce:20150813", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TINYMCE-10165" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:05.785942Z", - "moduleName": "tinymce", - "packageManager": "npm", - "packageName": "tinymce", - "patches": [], - "publicationTime": "2016-10-27T13:49:24.240000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/tinymce/tinymce/commit/c68a5930512d7b37b5dc495bde5f7cbb739e11e7" - } - ], - "semver": { - "vulnerable": [ - "<4.2.4" - ] - }, - "severity": "high", - "title": "Cross-site Scripting (XSS)" - } - ], - "truncate": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-TRUNCATE-10920" - ], - "creationTime": "2018-02-25T13:55:43.248000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 7.1, - "disclosureTime": "2018-02-25T13:55:43.248000Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.0.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:truncate:20180225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-TRUNCATE-10920" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.644114Z", - "moduleName": "truncate", - "packageManager": "npm", - "packageName": "truncate", - "patches": [], - "publicationTime": "2018-02-25T14:35:13.194000Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/FGRibreau/node-truncate/commit/a3cea056427b2dfbbffebf24a95419b09db23b22" - }, - { - "title": "GitHub PR", - "url": "https://github.com/FGRibreau/node-truncate/pull/6" - } - ], - "semver": { - "vulnerable": [ - "<2.0.1" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "ua-parser": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-UAPARSER-10754" - ], - "creationTime": "2017-08-30T08:29:25.582000Z", - "credit": [ - "Adam Baldwin" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-08-28T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [], - "functions_new": [], - "id": "npm:ua-parser:20170829", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UAPARSER-10754" - ], - "CVE": [ - "CVE-2017-16086" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 316 - ] - }, - "language": "js", - "modificationTime": "2018-11-18T11:50:41.472653Z", - "moduleName": "ua-parser", - "packageManager": "npm", - "packageName": "ua-parser", - "patches": [], - "publicationTime": "2017-08-30T08:29:25.582000Z", - "references": [ - { - "title": "Nodesecurity", - "url": "https://nodesecurity.io/advisories/316" - } - ], - "semver": { - "vulnerable": [ - "<=0.3.5" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "ua-parser-js": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2020-09-09T15:30:19.590314Z", - "credit": [ - "Yeting Li" - ], - "cvssScore": 7.5, - "disclosureTime": "2020-09-09T15:28:29Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.7.22" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-UAPARSERJS-610226", - "identifiers": { - "CVE": [ - "CVE-2020-7733" - ], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-09-16T14:54:56.176103Z", - "moduleName": "ua-parser-js", - "packageManager": "npm", - 
"packageName": "ua-parser-js", - "patches": [], - "publicationTime": "2020-09-16T14:54:55.938440Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d" - } - ], - "semver": { - "vulnerable": [ - "<0.7.22" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-UAPARSERJS-11094" - ], - "creationTime": "2018-05-01T10:52:22.381000Z", - "credit": [ - "Zach Bjornson", - "Jamie Davis" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-02-26T22:00:00Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.7.18" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "src/ua-parser.js", - "functionName": "mapper.regex" - }, - "version": [ - "=0.5.20" - ] - }, - { - "functionId": { - "className": null, - "filePath": "src/ua-parser.js", - "functionName": "mapper.rgx" - }, - "version": [ - "> 0.5.20 <0.7.18" - ] - }, - { - "functionId": { - "className": null, - "filePath": "ua-parser.js", - "functionName": "mapper.regex" - }, - "version": [ - ">=0.4.0 <0.5.15" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "src/ua-parser.js", - "functionName": "mapper.regex" - }, - "version": [ - "=0.5.20" - ] - }, - { - "functionId": { - "filePath": "src/ua-parser.js", - "functionName": "mapper.rgx" - }, - "version": [ - "> 0.5.20 <0.7.18" - ] - }, - { - "functionId": { - "filePath": "ua-parser.js", - "functionName": "mapper.regex" - }, - "version": [ - ">=0.4.0 <0.5.15" - ] - } - ], - "id": "npm:ua-parser-js:20180227", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UAPARSERJS-11094" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.516722Z", - "moduleName": "ua-parser-js", - "packageManager": "npm", - "packageName": "ua-parser-js", - 
"patches": [], - "publicationTime": "2018-05-02T14:33:27Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/faisalman/ua-parser-js/commit/2e57a9778f0735a1e5e73e723155e155848a88af" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/faisalman/ua-parser-js/issues/298" - }, - { - "title": "GitHub PR", - "url": "https://github.com/faisalman/ua-parser-js/pull/299" - } - ], - "semver": { - "vulnerable": [ - "<0.7.18" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-UAPARSERJS-11027" - ], - "creationTime": "2018-03-01T12:03:17.553000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-10-11T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.7.16" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "src/ua-parser.js", - "functionName": "UAParser.getOS" - }, - "version": [ - "<0.7.16" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "src/ua-parser.js", - "functionName": "UAParser.getOS" - }, - "version": [ - "<0.7.16" - ] - } - ], - "id": "npm:ua-parser-js:20171012", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UAPARSERJS-11027" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:02.717672Z", - "moduleName": "ua-parser-js", - "packageManager": "npm", - "packageName": "ua-parser-js", - "patches": [], - "publicationTime": "2018-03-06T11:16:29Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/faisalman/ua-parser-js/commit/25e143ee7caba78c6405a57d1d06b19c1e8e2f79" - }, - { - "title": "GitHub PR", - "url": "https://github.com/faisalman/ua-parser-js/pull/273" - } - ], - "semver": { - "vulnerable": [ - "<0.7.16" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "uikit": 
[ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-UIKIT-10448" - ], - "creationTime": "2017-03-20T11:45:02.932000Z", - "credit": [ - "aheinze" - ], - "cvssScore": 5.4, - "disclosureTime": "2016-06-30T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.26.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:uikit:20160701", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UIKIT-10448" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-12-23T15:15:57.572104Z", - "moduleName": "uikit", - "packageManager": "npm", - "packageName": "uikit", - "patches": [], - "publicationTime": "2017-05-08T12:34:46Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/uikit/uikit/commit/aabd2bf61615fdb25c729a836148aaa4549e9a8b" - } - ], - "semver": { - "vulnerable": [ - ">=2.0.0 <2.26.4" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "underscore.string": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-UNDERSCORESTRING-12168" - ], - "creationTime": "2018-06-21T17:51:09.741000Z", - "credit": [ - "Cristian-Alexandru Staicu" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-09-08T17:51:09Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.3.5" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "unescapeHTML.js", - "functionName": "module.exports" - }, - "version": [ - ">2.4.1 <3.3.5" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "unescapeHTML.js", - "functionName": "module.exports" - }, - "version": [ - ">2.4.1 <3.3.5" - ] - } - ], - "id": "npm:underscore.string:20170908", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UNDERSCORESTRING-12168" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ], - "GHSA": [ - "GHSA-v2p6-4mp7-3r9v" - ], - "NSP": [ - 745 - ] - }, - "language": "js", - "modificationTime": 
"2020-06-12T14:36:53.901480Z", - "moduleName": "underscore.string", - "packageManager": "npm", - "packageName": "underscore.string", - "patches": [], - "publicationTime": "2018-06-25T13:19:28Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/epeli/underscore.string/commit/f486cd684c94c12db48b45d52b1472a1b9661029" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/epeli/underscore.string/issues/510" - } - ], - "semver": { - "vulnerable": [ - ">2.4.1 <3.3.5" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "uri-js": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-URIJS-10470" - ], - "creationTime": "2016-08-04T03:44:13.903000Z", - "credit": [ - "Peter Dotchev" - ], - "cvssScore": 7.5, - "disclosureTime": "2016-03-15T08:05:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:uri-js:20160804", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-URIJS-10470" - ], - "CVE": [ - "CVE-2017-16021" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 100 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:40:08.106307Z", - "moduleName": "uri-js", - "packageManager": "npm", - "packageName": "uri-js", - "patches": [], - "publicationTime": "2017-04-16T08:05:00Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/garycourt/uri-js/issues/12" - }, - { - "title": "GitHub PR", - "url": "https://github.com/garycourt/uri-js/pull/17" - }, - { - "title": "WWW.OWASP.ORG", - "url": "https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS" - } - ], - "semver": { - "vulnerable": [ - "<3.0.0" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "url-parse": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": 
"2020-01-27T10:37:31.297521Z", - "credit": [ - "ronperris" - ], - "cvssScore": 7.3, - "disclosureTime": "2020-01-27T09:10:53Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.4.5" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-URLPARSE-543307", - "identifiers": { - "CVE": [ - "CVE-2020-8124" - ], - "CWE": [ - "CWE-20" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:37:03.818269Z", - "moduleName": "url-parse", - "packageManager": "npm", - "packageName": "url-parse", - "patches": [], - "publicationTime": "2020-01-27T11:18:35Z", - "references": [ - { - "title": "Hacker1 Report", - "url": "https://hackerone.com/reports/496293" - } - ], - "semver": { - "vulnerable": [ - "<1.4.5" - ] - }, - "severity": "high", - "title": "Improper Input Validation" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-URLPARSE-12186" - ], - "creationTime": "2018-07-19T12:08:46.131000Z", - "credit": [ - "Ahmed" - ], - "cvssScore": 7.5, - "disclosureTime": "2018-07-31T12:08:46Z", - "exploit": "Functional", - "fixedIn": [ - "1.4.3" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "URL" - }, - "version": [ - ">=0.1.0 <1.4.3" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "URL" - }, - "version": [ - ">=0.1.0 <1.4.3" - ] - } - ], - "id": "npm:url-parse:20180731", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-URLPARSE-12186" - ], - "CVE": [ - "CVE-2018-3774" - ], - "CWE": [ - "CWE-601" - ], - "NSP": [ - 678 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:18.592299Z", - "moduleName": "url-parse", - "packageManager": "npm", - "packageName": "url-parse", - "patches": [], - "publicationTime": "2018-07-31T13:43:37Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de" - 
}, - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/384029" - } - ], - "semver": { - "vulnerable": [ - "<1.4.3" - ] - }, - "severity": "high", - "title": "Open Redirect" - } - ], - "useragent": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [], - "creationTime": "2019-05-19T10:43:12.145885Z", - "credit": [ - "ChALkeR" - ], - "cvssScore": 7.5, - "disclosureTime": "2019-04-03T20:24:34Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "index.js", - "functionName": "isSafe" - }, - "version": [ - ">=2.1.13 <2.2.0", - ">=2.2.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "core.js", - "functionName": "isSafe" - }, - "version": [ - ">=2.2.0 <2.2.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "index.js", - "functionName": "isSafe" - }, - "version": [ - ">=2.1.13 <2.2.0", - ">=2.2.1" - ] - }, - { - "functionId": { - "filePath": "core.js", - "functionName": "isSafe" - }, - "version": [ - ">=2.2.0 <2.2.1" - ] - } - ], - "id": "SNYK-JS-USERAGENT-174737", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-05-23T12:34:55.461665Z", - "moduleName": "useragent", - "packageManager": "npm", - "packageName": "useragent", - "patches": [], - "publicationTime": "2019-05-19T10:43:43Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/3rd-Eden/useragent/commit/187c17255028bd30d82e3af108846ce73a8197fb" - }, - { - "title": "GitHub PR", - "url": "https://github.com/3rd-Eden/useragent/pull/137" - }, - { - "title": "GitHub PR", - "url": "https://github.com/3rd-Eden/useragent/pull/140" - }, - { - "title": "GitHub PR", - "url": "https://github.com/3rd-Eden/useragent/pull/145" - }, - { - "title": "Hackerone Report", - "url": "https://hackerone.com/reports/320159" - } - ], - "semver": { - "vulnerable": [ - "<=2.3.0" - ] - }, - 
"severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-USERAGENT-11000" - ], - "creationTime": "2018-02-28T15:30:23.809000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.3, - "disclosureTime": "2017-03-07T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.1.13" - ], - "functions": [], - "functions_new": [], - "id": "npm:useragent:20170308", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-USERAGENT-11000" - ], - "CVE": [], - "CWE": [ - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-05-19T10:50:02.327726Z", - "moduleName": "useragent", - "packageManager": "npm", - "packageName": "useragent", - "patches": [], - "publicationTime": "2018-03-06T11:16:29.988000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/3rd-Eden/useragent/commit/b18cf7c2a13c994ea8d6d0d132feef4eb8193c36" - } - ], - "semver": { - "vulnerable": [ - "<2.1.13" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-USERAGENT-10471" - ], - "creationTime": "2017-04-16T08:45:42.742000Z", - "credit": [ - "Mathias Madsen" - ], - "cvssScore": 7.5, - "disclosureTime": "2017-02-06T22:45:42.742000Z", - "exploit": "High", - "fixedIn": [ - "2.1.12" - ], - "functions": [], - "functions_new": [], - "id": "npm:useragent:20170206", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-USERAGENT-10471" - ], - "CVE": [ - "CVE-2017-16030" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 312 - ] - }, - "language": "js", - "modificationTime": "2019-05-19T10:50:02.320124Z", - "moduleName": "useragent", - "packageManager": "npm", - "packageName": "useragent", - "patches": [], - "publicationTime": "2017-04-16T08:45:42.742000Z", - "references": [ - { - "title": "GitHub Commit", - "url": 
"https://github.com/3rd-Eden/useragent/commit/64b15c9446a24abd9f52ed4ceb970f1a5cf790dd" - } - ], - "semver": { - "vulnerable": [ - "<2.1.12" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "utile": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-UTILE-12182" - ], - "creationTime": "2018-07-23T19:21:17.566000Z", - "credit": [ - "ChALkeR" - ], - "cvssScore": 2.2, - "disclosureTime": "2018-06-14T19:21:17.566000Z", - "exploit": "Not Defined", - "fixedIn": [], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/base64.js", - "functionName": "base64.decode" - }, - "version": [ - ">0.0.6 <=0.3.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "lib/base64.js", - "functionName": "base64.encode" - }, - "version": [ - ">0.0.6 <=0.3.0" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/base64.js", - "functionName": "base64.decode" - }, - "version": [ - ">0.0.6 <=0.3.0" - ] - }, - { - "functionId": { - "filePath": "lib/base64.js", - "functionName": "base64.encode" - }, - "version": [ - ">0.0.6 <=0.3.0" - ] - } - ], - "id": "npm:utile:20180614", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UTILE-12182" - ], - "CVE": [], - "CWE": [ - "CWE-399" - ] - }, - "language": "js", - "modificationTime": "2019-05-21T08:15:11.559382Z", - "moduleName": "utile", - "packageManager": "npm", - "packageName": "utile", - "patches": [], - "publicationTime": "2018-07-24T15:14:13.765000Z", - "references": [ - { - "title": "HackerOne Report", - "url": "https://hackerone.com/reports/321701" - } - ], - "semver": { - "vulnerable": [ - "<=0.3.0" - ] - }, - "severity": "low", - "title": "Uninitialized Memory Exposure" - } - ], - "uuid": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-UUID-10214" - ], - "creationTime": "2016-11-23T15:24:29.994000Z", - "credit": [ - "Robert Kieffer" - 
], - "cvssScore": 5.3, - "disclosureTime": "2011-12-29T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:uuid:20111230", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-UUID-10214" - ], - "CVE": [], - "CWE": [ - "CWE-330" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:24.640655Z", - "moduleName": "uuid", - "packageManager": "npm", - "packageName": "uuid", - "patches": [], - "publicationTime": "2017-02-13T15:24:29.994000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/defunctzombie/node-uuid/commit/283bd40be4c1836e510ec7a1685288f2d52943f8" - } - ], - "semver": { - "vulnerable": [ - "<1.3.1" - ] - }, - "severity": "medium", - "title": "Insecure Randomness" - } - ], - "valid-data-url": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-VALIDDATAURL-10888" - ], - "creationTime": "2018-02-15T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 5.3, - "disclosureTime": "2018-02-13T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.1.5" - ], - "functions": [], - "functions_new": [], - "id": "npm:valid-data-url:20180214", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDDATAURL-10888" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.635385Z", - "moduleName": "valid-data-url", - "packageManager": "npm", - "packageName": "valid-data-url", - "patches": [], - "publicationTime": "2018-02-15T19:52:28.947000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/killmenot/valid-data-url/commit/64bad3cf1eff246103d71b51f945d7ea73bf7adf" - } - ], - "semver": { - "vulnerable": [ - "<0.1.5" - ] - }, - "severity": "medium", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "validator": [ - { - "CVSSv3": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-VALIDATOR-10896" - ], - "creationTime": "2018-02-18T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-18T20:39:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "9.4.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/isDataURI.js", - "functionName": "isDataURI" - }, - "version": [ - ">=5.2.0 <9.4.1" - ] - }, - { - "functionId": { - "className": null, - "filePath": "validator.js", - "functionName": "isDataURI" - }, - "version": [ - ">=5.2.0 <9.4.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/isDataURI.js", - "functionName": "isDataURI" - }, - "version": [ - ">=5.2.0 <9.4.1" - ] - }, - { - "functionId": { - "filePath": "validator.js", - "functionName": "isDataURI" - }, - "version": [ - ">=5.2.0 <9.4.1" - ] - } - ], - "id": "npm:validator:20180218", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDATOR-10896" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:46.799441Z", - "moduleName": "validator", - "packageManager": "npm", - "packageName": "validator", - "patches": [], - "publicationTime": "2018-02-18T15:02:40Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/chriso/validator.js/blob/master/CHANGELOG.md%23941" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/chriso/validator.js/commit/19508354cde4e08c75b377321a3d5f910dddee4e" - } - ], - "semver": { - "vulnerable": [ - ">=5.2.0 <9.4.1" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "alternativeIds": [ - "SNYK-JS-VALIDATOR-10895" - ], - "creationTime": "2018-02-18T14:36:50Z", - "credit": [ - "Guillaume Leclerc" - ], - "cvssScore": 5.3, - "disclosureTime": 
"2016-02-18T20:39:06Z", - "exploit": "Not Defined", - "fixedIn": [ - "5.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:validator:20160218", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDATOR-10895" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2019-04-30T14:17:25.773876Z", - "moduleName": "validator", - "packageManager": "npm", - "packageName": "validator", - "patches": [], - "publicationTime": "2018-02-18T15:02:40.305000Z", - "references": [ - { - "title": "GitHub ChangeLog", - "url": "https://github.com/chriso/validator.js/blob/master/CHANGELOG.md%23941" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/chriso/validator.js/commit/19508354cde4e08c75b377321a3d5f910dddee4e" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chriso/validator.js/issues/502" - }, - { - "title": "GitHub PR", - "url": "https://github.com/chriso/validator.js/pull/503" - } - ], - "semver": { - "vulnerable": [ - "<5.0.0" - ] - }, - "severity": "medium", - "title": "Buffer Overflow" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "alternativeIds": [ - "SNYK-JS-VALIDATOR-10213" - ], - "creationTime": "2016-11-23T14:52:22.668000Z", - "credit": [ - "Alessandro Segala" - ], - "cvssScore": 4.3, - "disclosureTime": "2015-03-12T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.34.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:validator:20150313", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDATOR-10213" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:26.553565Z", - "moduleName": "validator", - "packageManager": "npm", - "packageName": "validator", - "patches": [], - "publicationTime": "2017-01-30T15:00:00Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/chriso/validator.js/commit/570889bf1b3c963439871a0c15aa5801ef6322d7" - } - ], - 
"semver": { - "vulnerable": [ - ">=3.0.0 <3.34.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "alternativeIds": [ - "SNYK-JS-VALIDATOR-10026" - ], - "creationTime": "2014-11-12T08:45:48Z", - "credit": [ - "Karl Düüna" - ], - "cvssScore": 7.5, - "disclosureTime": "2014-11-12T08:45:48Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.22.1" - ], - "functions": [ - { - "functionId": { - "className": null, - "filePath": "lib/validators.js", - "functionName": "validators.isEmail" - }, - "version": [ - ">2.0.0 <=2.1.0" - ] - }, - { - "functionId": { - "className": null, - "filePath": "validator.js", - "functionName": "validator.isEmail" - }, - "version": [ - ">2.1.0 <3.22.1" - ] - } - ], - "functions_new": [ - { - "functionId": { - "filePath": "lib/validators.js", - "functionName": "validators.isEmail" - }, - "version": [ - ">2.0.0 <=2.1.0" - ] - }, - { - "functionId": { - "filePath": "validator.js", - "functionName": "validator.isEmail" - }, - "version": [ - ">2.1.0 <3.22.1" - ] - } - ], - "id": "npm:validator:20130705", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDATOR-10026" - ], - "CVE": [ - "CVE-2014-8882" - ], - "CWE": [ - "CWE-400" - ], - "NSP": [ - 42 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:49.081687Z", - "moduleName": "validator", - "packageManager": "npm", - "packageName": "validator", - "patches": [], - "publicationTime": "2014-11-12T08:45:48Z", - "references": [ - { - "title": "Analysis of Node.js platform web application security (pdf)", - "url": "http://lab.cs.ttu.ee/dl93" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/chriso/validator.js/issues/152%23issuecomment-48107184" - } - ], - "semver": { - "vulnerable": [ - ">=0.1.0 <3.22.1" - ] - }, - "severity": "high", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - 
"alternativeIds": [ - "SNYK-JS-VALIDATOR-10024" - ], - "creationTime": "2014-10-27T06:33:48Z", - "credit": [ - "taku0" - ], - "cvssScore": 6.5, - "disclosureTime": "2014-10-27T06:33:48Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:validator:20130705-1", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDATOR-10024" - ], - "CVE": [ - "CVE-2014-9772" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 43 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:50.604657Z", - "moduleName": "validator", - "packageManager": "npm", - "packageName": "validator", - "patches": [ - { - "comments": [], - "id": "patch:npm:validator:20130705-1:0", - "modificationTime": "2019-12-03T11:40:45.747672Z", - "urls": [ - "https://snyk-patches.s3.amazonaws.com/npm/validator/20130705-1/validator_20130705-1_0_0_2d5d6999541add350fb396ef02dc42ca3215049e_snyk.patch" - ], - "version": "<2.0.0 >=1.5.1" - } - ], - "publicationTime": "2014-10-27T06:33:48Z", - "references": [ - { - "title": "GitHub Issue", - "url": "https://github.com/chriso/validator.js/issues/181" - } - ], - "semver": { - "vulnerable": [ - "<2.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-VALIDATOR-10006" - ], - "creationTime": "2013-07-05T09:29:10Z", - "credit": [ - "Neal Poole", - "Krzysztof Kotowicz" - ], - "cvssScore": 6.5, - "disclosureTime": "2013-07-05T09:29:10Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:validator:20130705-2", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VALIDATOR-10006" - ], - "CVE": [ - "CVE-2013-7451", - "CVE-2013-7452", - "CVE-2013-7453", - "CVE-2013-7454" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 41 - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:48.332307Z", - "moduleName": "validator", - 
"packageManager": "npm", - "packageName": "validator", - "patches": [], - "publicationTime": "2013-07-05T09:29:10Z", - "references": [ - { - "title": "CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass", - "url": "http://blog.kotowicz.net/2012/07/codeigniter-210-xssclean-cross-site.html" - }, - { - "title": "XSS Filter Bypass in validator Node.js Module", - "url": "https://nealpoole.com/blog/2013/07/xss-filter-bypass-in-validator-nodejs-module/" - } - ], - "semver": { - "vulnerable": [ - "<1.1.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "vega": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-VEGA-10424" - ], - "creationTime": "2017-03-01T15:06:16.813000Z", - "credit": [ - "Ryan Russell" - ], - "cvssScore": 5.4, - "disclosureTime": "2015-11-20T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.4.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:vega:20151121", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VEGA-10424" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:57.581588Z", - "moduleName": "vega", - "packageManager": "npm", - "packageName": "vega", - "patches": [], - "publicationTime": "2017-03-13T08:00:22.934000Z", - "references": [ - { - "title": "GitHub Comparison", - "url": "https://github.com/vega/vega/compare/d778748acd9833e77d7b8380d3402d305b16c9e8...c97316c4462cde93297e0c7e861873131da8fb54" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/vega/vega/issues/444" - }, - { - "title": "GitHub PR", - "url": "https://github.com/vega/vega/pull/449" - } - ], - "semver": { - "vulnerable": [ - "<2.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "vue": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-VUE-12036" - ], - "creationTime": "2017-12-19T11:56:17.017000Z", - 
"credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-08-28T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.4.3" - ], - "functions": [], - "functions_new": [], - "id": "npm:vue:20170829", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VUE-12036" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-06-02T07:10:48.027016Z", - "moduleName": "vue", - "packageManager": "npm", - "packageName": "vue", - "patches": [], - "publicationTime": "2017-12-25T14:45:02.568000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/vuejs/vue/commit/5091e2c9847601e329ac36d17eae90bb5cb77a91" - } - ], - "semver": { - "vulnerable": [ - "<2.4.3" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-VUE-12035" - ], - "creationTime": "2017-12-19T11:55:30.354000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 6.5, - "disclosureTime": "2017-03-31T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.3.0-beta.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:vue:20170401", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VUE-12035" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:25.050609Z", - "moduleName": "vue", - "packageManager": "npm", - "packageName": "vue", - "patches": [], - "publicationTime": "2017-12-25T14:45:02.463000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/vuejs/vue/commit/1e37633567f5d015db24ae0210b1adb4b1c3d355" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/vuejs/vue/issues/5351" - } - ], - "semver": { - "vulnerable": [ - "<2.3.0-beta.1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", - "alternativeIds": [ - 
"SNYK-JS-VUE-11126" - ], - "creationTime": "2018-08-02T20:00:00Z", - "credit": [ - "Dan Abramov" - ], - "cvssScore": 6.5, - "disclosureTime": "2018-08-01T11:44:35Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.5.17" - ], - "functions": [], - "functions_new": [], - "id": "npm:vue:20180802", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VUE-11126" - ], - "CVE": [ - "CVE-2018-6341" - ], - "CWE": [ - "CWE-79" - ], - "GHSA": [ - "GHSA-cg48-9hh2-x6mx" - ], - "NSP": [ - 1421 - ] - }, - "language": "js", - "modificationTime": "2020-06-12T14:36:45.513034Z", - "moduleName": "vue", - "packageManager": "npm", - "packageName": "vue", - "patches": [], - "publicationTime": "2020-04-06T11:39:36Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8" - }, - { - "title": "GitHub Commit", - "url": "https://github.com/vuejs/vue/commit/c28f79290d57240c607d8cec3b3413b49702e1fb" - }, - { - "title": "GitHub PR", - "url": "https://github.com/facebook/react/pull/13302" - }, - { - "title": "GitHub PR", - "url": "https://github.com/sveltejs/svelte/pull/1623" - }, - { - "title": "GitHub Release", - "url": "https://github.com/developit/preact-render-to-string/releases/tag/3.7.2" - }, - { - "title": "GitHub Release", - "url": "https://github.com/vuejs/vue/releases/tag/v2.5.17" - }, - { - "title": "@reactjs tweet", - "url": "https://twitter.com/reactjs/status/1024745321987887104" - }, - { - "title": "React Security Blog", - "url": "https://reactjs.org/blog/2018/08/01/react-v-16-4-2.html" - }, - { - "title": "@vuejs tweet", - "url": "https://twitter.com/vuejs/status/1024754536877973504" - } - ], - "semver": { - "vulnerable": [ - "<2.5.17" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-VUE-10910" - ], - "creationTime": "2018-02-22T14:36:50Z", - 
"credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-21T16:19:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "2.5.14" - ], - "functions": [], - "functions_new": [], - "id": "npm:vue:20180222", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-VUE-10910" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.626630Z", - "moduleName": "vue", - "packageManager": "npm", - "packageName": "vue", - "patches": [], - "publicationTime": "2018-02-22T15:42:02Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/vuejs/vue/commit/cd334070f3b82d3f5892c4999cc290ccd4f56fd8" - } - ], - "semver": { - "vulnerable": [ - "<2.5.14" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "wicket": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-WICKET-10989" - ], - "creationTime": "2018-02-27T13:46:54.168000Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-27T13:46:54.168000Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "1.3.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:wicket:20180225", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-WICKET-10989" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.777499Z", - "moduleName": "wicket", - "packageManager": "npm", - "packageName": "wicket", - "patches": [], - "publicationTime": "2018-02-27T16:32:25.060000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/arthur-e/Wicket/commit/aa4a3bc1ec50c55c06ea4faf11dd36d2623ac4a2" - }, - { - "title": "GitHub PR", - "url": "https://github.com/arthur-e/Wicket/pull/122" - } - ], - "semver": { - "vulnerable": [ - "<1.3.2" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service 
(ReDoS)" - } - ], - "wysihtml": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-WYSIHTML-10425" - ], - "creationTime": "2017-03-01T14:24:34.987000Z", - "credit": [ - "Christopher Blum" - ], - "cvssScore": 5.4, - "disclosureTime": "2012-12-28T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "0.4.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:wysihtml:20121229", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-WYSIHTML-10425" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:56.081072Z", - "moduleName": "wysihtml", - "packageManager": "npm", - "packageName": "wysihtml", - "patches": [], - "publicationTime": "2017-03-13T08:00:23.005000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/Voog/wysihtml/commit/34ebe36a3d6b070883f9315fa3097f7598ed11e9" - } - ], - "semver": { - "vulnerable": [ - "<0.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "xlsx": [ - { - "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [], - "creationTime": "2020-07-17T15:50:50.104711Z", - "credit": [ - "Jamie Davis of Virginia Tech", - "Adam Cazzolla of Sonatype Security Team" - ], - "cvssScore": 3.7, - "disclosureTime": "2020-04-20T15:50:15Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.16.0" - ], - "functions": [], - "functions_new": [], - "id": "SNYK-JS-XLSX-585898", - "identifiers": { - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-07-17T15:55:44.271232Z", - "moduleName": "xlsx", - "packageManager": "npm", - "packageName": "xlsx", - "patches": [], - "publicationTime": "2020-07-17T15:50:04Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/SheetJS/sheetjs/commit/257d4e6db2444ce1a0be814c1c352423f4aba7b5" - }, - { - "title": "GitHub Issue", - "url": 
"https://github.com/SheetJS/sheetjs/issues/1904" - } - ], - "semver": { - "vulnerable": [ - "<0.16.0" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-XLSX-10909" - ], - "creationTime": "2018-02-20T14:36:50Z", - "credit": [ - "Jamie Davis" - ], - "cvssScore": 3.7, - "disclosureTime": "2018-02-21T16:19:06Z", - "exploit": "Proof of Concept", - "fixedIn": [ - "0.12.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:xlsx:20180222", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-XLSX-10909" - ], - "CVE": [], - "CWE": [ - "CWE-185", - "CWE-400" - ] - }, - "language": "js", - "modificationTime": "2020-06-09T09:57:45.398613Z", - "moduleName": "xlsx", - "packageManager": "npm", - "packageName": "xlsx", - "patches": [], - "publicationTime": "2018-02-22T15:42:02Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/SheetJS/js-xlsx/commit/88e9e31ebf067c40b58c84dc1a7a842750c379ba" - } - ], - "semver": { - "vulnerable": [ - "<0.12.2" - ] - }, - "severity": "low", - "title": "Regular Expression Denial of Service (ReDoS)" - } - ], - "yui": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-YUI-10387" - ], - "creationTime": "2017-01-22T09:01:24.863000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.4, - "disclosureTime": "2013-06-03T21:00:00Z", - "exploit": "Functional", - "fixedIn": [ - "3.10.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:yui:20130604", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-YUI-10387" - ], - "CVE": [ - "CVE-2013-4939", - "CVE-2013-4940" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-04-06T16:45:16.761354Z", - "moduleName": "yui", - "packageManager": "npm", - "packageName": "yui", - "patches": [], - "publicationTime": 
"2017-02-13T09:01:24.863000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/yui/yui3/commit/da0d3a401ebf5a9cfab30e9ca7621aaf73ace79c" - }, - { - "title": "YUI Blog", - "url": "http://yuiblog.com/blog/2013/06/06/yui-3-10-3-released-to-fix-reintroduced-swf-vulnerability/" - }, - { - "title": "YUI Security Updates", - "url": "http://yuilibrary.com/support/20130515-vulnerability/" - } - ], - "semver": { - "vulnerable": [ - ">=3.0.0 <3.10.1", - "=3.10.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C", - "alternativeIds": [ - "SNYK-JS-YUI-10386" - ], - "creationTime": "2017-01-22T08:54:05.822000Z", - "credit": [ - "Aleksandr Dobkin" - ], - "cvssScore": 5.4, - "disclosureTime": "2013-05-14T21:00:00Z", - "exploit": "Functional", - "fixedIn": [ - "3.10.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:yui:20130515", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-YUI-10386" - ], - "CVE": [ - "CVE-2013-4941", - "CVE-2013-4942" - ], - "CWE": [ - "CWE-79" - ], - "NSP": [ - 332 - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:48:00.268806Z", - "moduleName": "yui", - "packageManager": "npm", - "packageName": "yui", - "patches": [], - "publicationTime": "2017-02-13T08:54:05.822000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/yui/yui3/commit/6a2da7d0df7f4b0d347cfbfb46e131d403658fc4" - }, - { - "title": "YUI Security Updates", - "url": "http://yuilibrary.com/support/20130515-vulnerability/" - } - ], - "semver": { - "vulnerable": [ - "<3.10.0 >=3.0.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-YUI-10385" - ], - "creationTime": "2017-01-22T09:20:03.679000Z", - "credit": [ - "Unknwon" - ], - "cvssScore": 5.4, - "disclosureTime": 
"2012-10-29T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.0.0" - ], - "functions": [], - "functions_new": [], - "id": "npm:yui:20121030", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-YUI-10385" - ], - "CVE": [ - "CVE-2012-5881", - "CVE-2012-5882", - "CVE-2012-5883" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:47:59.566607Z", - "moduleName": "yui", - "packageManager": "npm", - "packageName": "yui", - "patches": [], - "publicationTime": "2017-02-13T09:20:03.679000Z", - "references": [ - { - "title": "YUI Security Updates", - "url": "http://yuilibrary.com/support/20121030-vulnerability/" - } - ], - "semver": { - "vulnerable": [ - "<3.0.0 >=2.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-YUI-10384" - ], - "creationTime": "2017-01-22T09:12:40.841000Z", - "credit": [ - "Ryan Grove" - ], - "cvssScore": 5.4, - "disclosureTime": "2012-04-27T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "3.5.1" - ], - "functions": [], - "functions_new": [], - "id": "npm:yui:20120428", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-YUI-10384" - ], - "CVE": [], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:42.601602Z", - "moduleName": "yui", - "packageManager": "npm", - "packageName": "yui", - "patches": [], - "publicationTime": "2017-02-13T09:12:40.841000Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/yui/yui3/commit/c5a4b8ccdcdae7142a0fd8d9a3ec3a499cd60b3d" - }, - { - "title": "GitHub Release Notes", - "url": "https://github.com/yui/yui2/blob/master/RELEASENOTES%23L124" - } - ], - "semver": { - "vulnerable": [ - "<3.5.1 >=3.5.0-PR1" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", - "alternativeIds": [ - 
"SNYK-JS-YUI-10383" - ], - "creationTime": "2017-01-22T09:24:55.944000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 5.4, - "disclosureTime": "2010-10-24T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "2.8.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:yui:20101025", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-YUI-10383" - ], - "CVE": [ - "CVE-2010-4207" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-05-30T14:47:58.142372Z", - "moduleName": "yui", - "packageManager": "npm", - "packageName": "yui", - "patches": [], - "publicationTime": "2017-02-13T09:24:55.944000Z", - "references": [ - { - "title": "YUI Security Updates", - "url": "http://yuiblog.com/blog/2010/10/25/yui-2-8-2-security-update/" - } - ], - "semver": { - "vulnerable": [ - "<2.8.2 >=2.4.0" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ], - "zeroclipboard": [ - { - "CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ZEROCLIPBOARD-12091" - ], - "creationTime": "2018-03-11T09:04:07.187000Z", - "credit": [ - "Unknown" - ], - "cvssScore": 3.7, - "disclosureTime": "2013-01-04T09:04:07Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.0.8" - ], - "functions": [], - "functions_new": [], - "id": "npm:zeroclipboard:20130104", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ZEROCLIPBOARD-12091" - ], - "CVE": [ - "CVE-2013-1808" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:38:28.058625Z", - "moduleName": "zeroclipboard", - "packageManager": "npm", - "packageName": "zeroclipboard", - "patches": [], - "publicationTime": "2018-03-15T13:14:47Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zeroclipboard/zeroclipboard/commit/a0e02933f5f7ce5f364fbad36a005f0a349f0696" - }, - { - "title": "Jenkins Security Advisory", - "url": "https://www.cloudbees.com/jenkins-security-advisory-2013-05-02" - }, - { - 
"title": "NVD", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1808" - } - ], - "semver": { - "vulnerable": [ - "<1.0.8" - ] - }, - "severity": "low", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ZEROCLIPBOARD-10428" - ], - "creationTime": "2017-02-13T15:47:17.281000Z", - "credit": [ - "Masato Kinugawa" - ], - "cvssScore": 4.3, - "disclosureTime": "2014-01-30T22:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.3.2" - ], - "functions": [], - "functions_new": [], - "id": "npm:zeroclipboard:20140131", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ZEROCLIPBOARD-10428" - ], - "CVE": [ - "CVE-2014-1869" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2020-01-10T15:42:10.298760Z", - "moduleName": "zeroclipboard", - "packageManager": "npm", - "packageName": "zeroclipboard", - "patches": [], - "publicationTime": "2017-03-13T08:00:23Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zeroclipboard/zeroclipboard/commit/2f9eb9750a433965572d047e24b0fc78fd1415ca" - }, - { - "title": "GitHub PR", - "url": "https://github.com/zeroclipboard/zeroclipboard/pull/335" - } - ], - "semver": { - "vulnerable": [ - ">=1.0.7 <1.3.2" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - }, - { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "alternativeIds": [ - "SNYK-JS-ZEROCLIPBOARD-10427" - ], - "creationTime": "2017-02-13T15:29:56.077000Z", - "credit": [ - "Kingfo" - ], - "cvssScore": 4.3, - "disclosureTime": "2012-05-27T21:00:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.4" - ], - "functions": [], - "functions_new": [], - "id": "npm:zeroclipboard:20120528", - "identifiers": { - "ALTERNATIVE": [ - "SNYK-JS-ZEROCLIPBOARD-10427" - ], - "CVE": [ - "CVE-2012-6550" - ], - "CWE": [ - "CWE-79" - ] - }, - "language": "js", - "modificationTime": "2019-12-02T14:39:59.842090Z", - 
"moduleName": "zeroclipboard", - "packageManager": "npm", - "packageName": "zeroclipboard", - "patches": [], - "publicationTime": "2017-03-13T08:00:23Z", - "references": [ - { - "title": "GitHub Commit", - "url": "https://github.com/zeroclipboard/zeroclipboard/commit/51b67b6d696f62aaf003210c08542588222c4913" - }, - { - "title": "GitHub Issue", - "url": "https://github.com/zeroclipboard/zeroclipboard/issues/14" - }, - { - "title": "GitHub PR", - "url": "https://github.com/zeroclipboard/zeroclipboard/pull/2" - }, - { - "title": "GitHub Release", - "url": "https://github.com/zeroclipboard/zeroclipboard/releases/tag/v1.1.4" - }, - { - "title": "Seclists Full Disclosure", - "url": "http://seclists.org/fulldisclosure/2013/Feb/103" - } - ], - "semver": { - "vulnerable": [ - "<1.1.4" - ] - }, - "severity": "medium", - "title": "Cross-site Scripting (XSS)" - } - ] - } -} \ No newline at end of file +{"npm":{"ag-grid":[],"angular":[{"id":"SNYK-JS-ANGULAR-572020","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.8.0"]},"severity":"high"},{"id":"SNYK-JS-ANGULAR-570058","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.8.0"]},"severity":"medium"},{"id":"SNYK-JS-ANGULAR-534884","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.4.0-beta.6 
<1.7.9"]},"severity":"high"},{"id":"SNYK-JS-ANGULAR-471885","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.6.3"]},"severity":"medium"},{"id":"SNYK-JS-ANGULAR-471882","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.6.5"]},"severity":"medium"},{"id":"SNYK-JS-ANGULAR-471879","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.6.0-rc.0"]},"severity":"medium"},{"id":"npm:angular:20180202","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.6.9"]},"severity":"medium"},{"id":"npm:angular:20171018","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.6.7"]},"severity":"medium"},{"id":"npm:angular:20160527","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.0.0 <1.2.30"]},"severity":"medium"},{"id":"npm:angular:20160122","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.3.0 <1.5.0-rc.2"]},"severity":"medium"},{"id":"npm:angular:20140608","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.3.0"]},"severity":"low"},{"id":"npm:angular:20131113","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.2.2"]},"severity":"high"},{"id":"npm:angular:20140908","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.3.0-rc.4"]},"severity":"medium"},{"id":"npm:angular:20161101","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.5.0 
<1.5.9"]},"severity":"medium"},{"id":"npm:angular:20150909","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.5.0-beta.2"]},"severity":"high"},{"id":"npm:angular:20151205","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.5.0-rc.0"]},"severity":"medium"},{"id":"npm:angular:20151130","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.4.10"]},"severity":"medium"},{"id":"npm:angular:20130622","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.0.0 <1.2.0"]},"severity":"medium"},{"id":"npm:angular:20150807-1","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.3.1 <1.5.0-beta.0"]},"severity":"medium"},{"id":"npm:angular:20150807","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.0.0 <1.5.0-beta.0"]},"severity":"high"},{"id":"npm:angular:20150315","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.6.1"]},"severity":"medium"},{"id":"npm:angular:20150310","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.4.0-beta.6"]},"severity":"high"},{"id":"npm:angular:20141104","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.3.2"]},"severity":"medium"},{"id":"npm:angular:20130621","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.2.0"]},"severity":"medium"},{"id":"npm:angular:20140909","packageManager":"npm","packageName":"angular","semver":{"vulnerable":[">=1.2.19 
<1.2.24"]},"severity":"high"},{"id":"npm:angular:20130625","packageManager":"npm","packageName":"angular","semver":{"vulnerable":["<1.1.5"]},"severity":"high"}],"angular-gettext":[],"angular-jwt":[],"angular-redactor":[],"ansi2html":[],"ascii-art":[],"assign-deep":[],"astronomia":[],"atob":[],"auth0-lock":[],"backbone":[{"id":"npm:backbone:20160523","packageManager":"npm","packageName":"backbone","semver":{"vulnerable":["<0.1.2"]},"severity":"medium"},{"id":"npm:backbone:20110701","packageManager":"npm","packageName":"backbone","semver":{"vulnerable":["<0.5.0"]},"severity":"medium"}],"base64-url":[],"blueimp-file-upload":[],"bootstrap":[{"id":"SNYK-JS-BOOTSTRAP-173700","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":["<3.4.1",">=4.0.0 <4.3.1"]},"severity":"medium"},{"id":"SNYK-JS-BOOTSTRAP-73560","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":[">=4.0.0 <4.1.2"]},"severity":"medium"},{"id":"SNYK-JS-BOOTSTRAP-72890","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":["<3.4.0"]},"severity":"medium"},{"id":"SNYK-JS-BOOTSTRAP-72889","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":["<3.4.0"]},"severity":"medium"},{"id":"npm:bootstrap:20180529","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":["<3.4.0",">=4.0.0 <4.1.2"]},"severity":"medium"},{"id":"npm:bootstrap:20160627","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":["<3.4.0",">=4.0.0-alpha 
<4.0.0-beta.2"]},"severity":"medium"},{"id":"npm:bootstrap:20120510","packageManager":"npm","packageName":"bootstrap","semver":{"vulnerable":["<2.1.0"]},"severity":"medium"}],"bootstrap-markdown":[],"bootstrap-tagsinput":[],"brace-expansion":[],"braces":[],"bson":[],"buefy":[],"c3":[],"checkit":[],"citeproc":[],"ckeditor":[],"clusterize.js":[],"compromise":[],"console-io":[],"content-type-parser":[],"crypto-browserify":[],"d3.js":[],"datatables":[],"deap":[],"decamelize":[],"deep-extend":[],"defaults-deep":[],"diff":[],"dijit":[],"dojo":[{"id":"SNYK-JS-DOJO-559224","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<1.11.10",">=1.12.0 <1.12.8",">=1.13.0 <1.13.7",">=1.14.0 <1.14.6",">=1.15.0 <1.15.3",">=1.16.0 <1.16.2"]},"severity":"medium"},{"id":"SNYK-JS-DOJO-174934","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":[">=1.0.0 <1.0.3",">=1.1.0 <1.1.2",">=1.2.0 <1.2.4",">=1.3.0 <1.3.3",">=1.4.0 <1.4.2"]},"severity":"medium"},{"id":"SNYK-JS-DOJO-174933","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<1.2.0"]},"severity":"medium"},{"id":"SNYK-JS-DOJO-72305","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<1.14"]},"severity":"medium"},{"id":"npm:dojo:20180818","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<1.10.10",">=1.11.0 <1.11.6",">=1.12.0 <1.12.4",">=1.13.0 <1.13.1"]},"severity":"medium"},{"id":"npm:dojo:20160523","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<0.0.0"]},"severity":"medium"},{"id":"npm:dojo:20100614-6","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<1.4.2"]},"severity":"medium"},{"id":"npm:dojo:20100614","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":[">=0.4.0 <0.4.4",">=1.0.0 <1.0.3",">=1.1.0 <1.1.2",">=1.2.0 <1.2.4",">=1.3.0 <1.3.3",">=1.4.0 
<1.4.2"]},"severity":"medium"},{"id":"npm:dojo:20090409","packageManager":"npm","packageName":"dojo","semver":{"vulnerable":["<0.0.0"]},"severity":"medium"}],"dojox":[],"dompurify":[],"ducktype":[],"dustjs-linkedin":[],"easyxdm":[],"ember":[],"emojione":[],"engine.io":[],"engine.io-client":[],"exceljs":[],"extend":[],"favico.js":[],"faye":[],"fernet":[],"foundation-sites":[{"id":"npm:foundation-sites:20170802","packageManager":"npm","packageName":"foundation-sites","semver":{"vulnerable":["<6.0.0"]},"severity":"medium"},{"id":"npm:foundation-sites:20150619","packageManager":"npm","packageName":"foundation-sites","semver":{"vulnerable":["<5.5.3"]},"severity":"medium"},{"id":"npm:foundation-sites:20120717","packageManager":"npm","packageName":"foundation-sites","semver":{"vulnerable":[">=3.0.0 <3.0.6"]},"severity":"medium"}],"fuelux":[],"fullpage.js":[],"getstats":[],"git-username":[],"github-url-to-object":[],"gmail-js":[],"google-closure-library":[{"id":"SNYK-JS-GOOGLECLOSURELIBRARY-561341","packageManager":"npm","packageName":"google-closure-library","semver":{"vulnerable":["<20200315.0.0"]},"severity":"medium"},{"id":"SNYK-JS-GOOGLECLOSURELIBRARY-174519","packageManager":"npm","packageName":"google-closure-library","semver":{"vulnerable":[">=20190121.0.0 <20190301.0.0"]},"severity":"medium"}],"handlebars":[{"id":"SNYK-JS-HANDLEBARS-567742","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":["<4.6.0"]},"severity":"medium"},{"id":"SNYK-JS-HANDLEBARS-534988","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":[">=4.0.0 <4.5.3","<3.0.8"]},"severity":"high"},{"id":"SNYK-JS-HANDLEBARS-534478","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":[">=4.0.0 <4.5.3","<3.0.8"]},"severity":"high"},{"id":"SNYK-JS-HANDLEBARS-480388","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":[">=4.0.0 
<4.4.5"]},"severity":"high"},{"id":"SNYK-JS-HANDLEBARS-469063","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":[">=4.0.0 <4.3.0","<3.8.0"]},"severity":"high"},{"id":"SNYK-JS-HANDLEBARS-174183","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":[">=3.0.0 <3.0.7",">=4.1.0 <4.1.2",">=4.0.0 <4.0.14"]},"severity":"high"},{"id":"SNYK-JS-HANDLEBARS-173692","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":["<4.0.14",">=4.1.0 <4.1.2"]},"severity":"high"},{"id":"npm:handlebars:20151207","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":["<4.0.0"]},"severity":"medium"},{"id":"npm:handlebars:20110425","packageManager":"npm","packageName":"handlebars","semver":{"vulnerable":["<=1.0.0-beta.3"]},"severity":"medium"}],"haraka":[],"harb":[],"hawk":[],"highcharts":[{"id":"SNYK-JS-HIGHCHARTS-571995","packageManager":"npm","packageName":"highcharts","semver":{"vulnerable":["<7.2.2",">=8.0.0 <8.1.1"]},"severity":"high"},{"id":"npm:highcharts:20180225","packageManager":"npm","packageName":"highcharts","semver":{"vulnerable":["<6.1.0"]},"severity":"high"}],"html-dom-parser":[],"i18next":[],"is-my-json-valid":[],"is-url":[],"ismobilejs":[],"jplayer":[],"jqtree":[],"jquery":[{"id":"SNYK-JS-JQUERY-569619","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":["<1.9.0"]},"severity":"medium"},{"id":"SNYK-JS-JQUERY-567880","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":[">=1.2.0 <3.5.0"]},"severity":"medium"},{"id":"SNYK-JS-JQUERY-565129","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":[">=1.0.3 <3.5.0"]},"severity":"medium"},{"id":"SNYK-JS-JQUERY-174006","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":["<3.4.0"]},"severity":"medium"},{"id":"npm:jquery:20160529","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":[">=3.0.0-rc1 
<3.0.0"]},"severity":"low"},{"id":"npm:jquery:20150627","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":["<1.12.2",">=1.12.3 <2.2.2",">=2.2.3 <3.0.0"]},"severity":"medium"},{"id":"npm:jquery:20140902","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":[">=1.4.2 <1.6.2"]},"severity":"medium"},{"id":"npm:jquery:20120206","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":[">=1.7.1 <1.9.0"]},"severity":"medium"},{"id":"npm:jquery:20110606","packageManager":"npm","packageName":"jquery","semver":{"vulnerable":["<1.6.3"]},"severity":"medium"}],"jquery-colorbox":[],"jquery-file-upload":[],"jquery-migrate":[],"jquery-mobile":[{"id":"SNYK-JS-JQUERYMOBILE-174599","packageManager":"npm","packageName":"jquery-mobile","semver":{"vulnerable":["<=1.5.0-alpha.1"]},"severity":"medium"},{"id":"npm:jquery-mobile:20120802","packageManager":"npm","packageName":"jquery-mobile","semver":{"vulnerable":["<1.2.0"]},"severity":"medium"}],"jquery-ui":[{"id":"npm:jquery-ui:20121127","packageManager":"npm","packageName":"jquery-ui","semver":{"vulnerable":["<1.10.0"]},"severity":"medium"},{"id":"npm:jquery-ui:20100903","packageManager":"npm","packageName":"jquery-ui","semver":{"vulnerable":["<1.10.0"]},"severity":"medium"},{"id":"npm:jquery-ui:20160721","packageManager":"npm","packageName":"jquery-ui","semver":{"vulnerable":["<1.12.0"]},"severity":"high"}],"jquery-ujs":[],"jquery.js":[],"js-quantities":[],"js-yaml":[],"jshamcrest":[],"jspdf":[],"jsrender":[],"jstree":[],"knex":[],"knockout":[{"id":"npm:knockout:20180213","packageManager":"npm","packageName":"knockout","semver":{"vulnerable":["<3.5.0-beta"]},"severity":"medium"},{"id":"npm:knockout:20130701","packageManager":"npm","packageName":"knockout","semver":{"vulnerable":[">=2.1.0-pre 
<3.0.0"]},"severity":"medium"}],"lodash":[{"id":"SNYK-JS-LODASH-608086","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.17"]},"severity":"high"},{"id":"SNYK-JS-LODASH-590103","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.20"]},"severity":"high"},{"id":"SNYK-JS-LODASH-567746","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.16"]},"severity":"medium"},{"id":"SNYK-JS-LODASH-450202","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.12"]},"severity":"high"},{"id":"SNYK-JS-LODASH-73639","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.11"]},"severity":"medium"},{"id":"SNYK-JS-LODASH-73638","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.11"]},"severity":"high"},{"id":"npm:lodash:20180130","packageManager":"npm","packageName":"lodash","semver":{"vulnerable":["<4.17.5"]},"severity":"medium"}],"mapbox.js":[],"markdown-it":[],"marked":[],"mathjs":[],"mediaelement":[],"merge":[],"merge-deep":[],"merge-objects":[],"merge-options":[],"merge-recursive":[],"mergely":[],"millisecond":[],"mimer":[],"mixin-deep":[],"mobile-detect":[],"moddle-xml":[],"mol-proto":[],"moment":[{"id":"npm:moment:20170905","packageManager":"npm","packageName":"moment","semver":{"vulnerable":["<2.19.3"]},"severity":"low"},{"id":"npm:moment:20161019","packageManager":"npm","packageName":"moment","semver":{"vulnerable":["<2.15.2"]},"severity":"medium"},{"id":"npm:moment:20160126","packageManager":"npm","packageName":"moment","semver":{"vulnerable":["<2.11.2"]},"severity":"medium"}],"morris.js":[],"mqtt":[],"ms":[],"mustache":[{"id":"npm:mustache:20151207","packageManager":"npm","packageName":"mustache","semver":{"vulnerable":["<2.2.1"]},"severity":"medium"},{"id":"npm:mustache:20110814","packageManager":"npm","packageName":"mustache","semver":{"vulnerable":["< 
0.3.1"]},"severity":"medium"}],"mxgraph":[],"next":[{"id":"SNYK-JS-NEXT-571938","packageManager":"npm","packageName":"next","semver":{"vulnerable":["<5.1.0"]},"severity":"high"},{"id":"SNYK-JS-NEXT-561584","packageManager":"npm","packageName":"next","semver":{"vulnerable":["<9.3.2"]},"severity":"medium"},{"id":"SNYK-JS-NEXT-174590","packageManager":"npm","packageName":"next","semver":{"vulnerable":["<2.4.1"]},"severity":"high"},{"id":"SNYK-JS-NEXT-72454","packageManager":"npm","packageName":"next","semver":{"vulnerable":[">=7.0.0 <7.0.2"]},"severity":"medium"},{"id":"npm:next:20180124","packageManager":"npm","packageName":"next","semver":{"vulnerable":["<4.2.3"]},"severity":"high"},{"id":"npm:next:20170607","packageManager":"npm","packageName":"next","semver":{"vulnerable":["<2.4.3"]},"severity":"medium"},{"id":"npm:next:20170601","packageManager":"npm","packageName":"next","semver":{"vulnerable":["<2.4.1",">=3.0.0-beta1 <3.0.0-beta7"]},"severity":"high"}],"ng-dialog":[],"no-case":[],"node-htmlparser-classic":[],"node-jose":[],"node-red":[],"node-serialize":[],"node-uuid":[],"nunjucks":[],"nwmatcher":[],"openwhisk":[],"parsejson":[],"pivottable":[],"plist":[],"plotly.js":[],"preact-render-to-string":[],"protobufjs":[],"pym.js":[],"qs":[],"querystringify":[],"quill":[],"ractive":[],"react":[{"id":"npm:react:20150318","packageManager":"npm","packageName":"react","semver":{"vulnerable":[">=0.0.1 <0.14.0"]},"severity":"high"},{"id":"npm:react:20131217","packageManager":"npm","packageName":"react","semver":{"vulnerable":[">=0.5.0 <0.5.2",">=0.4.0 
<0.4.2"]},"severity":"medium"}],"react-dom":[],"react-marked-markdown":[],"react-svg":[],"react-tooltip":[],"reduce-css-calc":[],"remarkable":[],"rendr":[],"rendr-handlebars":[],"reveal.js":[],"rgb2hex":[],"riot":[{"id":"npm:riot:20131114","packageManager":"npm","packageName":"riot","semver":{"vulnerable":["<0.9.6"]},"severity":"medium"}],"rrule":[],"sanitize-html":[],"secure-compare":[],"select2":[],"semantic-ui":[],"serialize-to-js":[],"shaka-player":[],"shell-quote":[],"showdown-xss-filter":[],"simditor":[],"simpl-schema":[],"simplemde":[],"slug":[],"slugify":[],"socket.io":[{"id":"npm:socket.io:20120417","packageManager":"npm","packageName":"socket.io","semver":{"vulnerable":["<0.9.6"]},"severity":"medium"},{"id":"npm:socket.io:20120323","packageManager":"npm","packageName":"socket.io","semver":{"vulnerable":["<0.9.7"]},"severity":"medium"}],"squel":[],"squire-rte":[],"string":[],"superagent":[],"swagger-ui":[],"textangular":[],"timespan":[],"tiny-json-http":[],"tinymce":[],"truncate":[],"ua-parser":[],"ua-parser-js":[],"uikit":[],"underscore.string":[],"uri-js":[],"url-parse":[],"useragent":[],"utile":[],"uuid":[],"valid-data-url":[],"validator":[],"vega":[],"vue":[{"id":"npm:vue:20170829","packageManager":"npm","packageName":"vue","semver":{"vulnerable":["<2.4.3"]},"severity":"medium"},{"id":"npm:vue:20170401","packageManager":"npm","packageName":"vue","semver":{"vulnerable":["<2.3.0-beta.1"]},"severity":"medium"},{"id":"npm:vue:20180802","packageManager":"npm","packageName":"vue","semver":{"vulnerable":["<2.5.17"]},"severity":"medium"},{"id":"npm:vue:20180222","packageManager":"npm","packageName":"vue","semver":{"vulnerable":["<2.5.14"]},"severity":"low"}],"wicket":[],"wysihtml":[],"xlsx":[],"yui":[{"id":"npm:yui:20130604","packageManager":"npm","packageName":"yui","semver":{"vulnerable":[">=3.0.0 <3.10.1","=3.10.2"]},"severity":"medium"},{"id":"npm:yui:20130515","packageManager":"npm","packageName":"yui","semver":{"vulnerable":["<3.10.0 
>=3.0.0"]},"severity":"medium"},{"id":"npm:yui:20121030","packageManager":"npm","packageName":"yui","semver":{"vulnerable":["<3.0.0 >=2.4.0"]},"severity":"medium"},{"id":"npm:yui:20120428","packageManager":"npm","packageName":"yui","semver":{"vulnerable":["<3.5.1 >=3.5.0-PR1"]},"severity":"medium"},{"id":"npm:yui:20101025","packageManager":"npm","packageName":"yui","semver":{"vulnerable":["<2.8.2 >=2.4.0"]},"severity":"medium"}],"zeroclipboard":[]}} \ No newline at end of file diff --git a/scripts/lint-markdown.js b/scripts/lint-markdown.js index 68fdfa31be8..867237572fa 100644 --- a/scripts/lint-markdown.js +++ b/scripts/lint-markdown.js @@ -12,7 +12,7 @@ const path = require('path'); const markdownlint = require('markdownlint'); const globby = require('globby'); -const files = globby.sync(['**/*.md', '!**/CHANGELOG.md', '!**/node_modules/**'], { +const files = globby.sync(['**/*.md', '!**/CHANGELOG.md', '!**/node_modules/**', '!**/markdown-webhint-report.md'], { cwd: process.cwd(), gitignore: true }); @@ -79,4 +79,4 @@ if (resultString) { console.error(resultString); } -process.exit(returnCode); // eslint-disable-line \ No newline at end of file +process.exit(returnCode); // eslint-disable-line diff --git a/tsconfig.json b/tsconfig.json index d38391b08b0..eaa9b9ad19b 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -44,6 +44,7 @@ { "path": "packages/formatter-excel" }, { "path": "packages/formatter-html" }, { "path": "packages/formatter-json" }, + { "path": "packages/formatter-markdown" }, { "path": "packages/formatter-stylish" }, { "path": "packages/formatter-summary" }, { "path": "packages/hint" }, diff --git a/yarn.lock b/yarn.lock index d43074b89d7..f3b26a8645d 100644 --- a/yarn.lock +++ b/yarn.lock 
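Review bot: The new negation `'!**/markdown-webhint-report.md'` in the `globby.sync` pattern list of scripts/lint-markdown.js matches that basename anywhere in the repository, so any later hand-written document with the same name would silently skip linting. If the file is the generated report belonging to the new formatter package (an assumption; its location is not visible in this hunk), scope the pattern to that package, e.g. `'!packages/formatter-markdown/**/markdown-webhint-report.md'`. A one-line comment above the call, such as `// markdown-webhint-report.md is generated formatter output, not authored docs`, would record why it is exempt.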
@@ -715,6 +715,11 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-14.6.2.tgz#264b44c5a28dfa80198fc2f7b6d3c8a054b9491f" integrity sha512-onlIwbaeqvZyniGPfdw/TEhKIh79pz66L1q06WUQqJLnAb6wbjvOtepLYTGHTqzdXgBYIE3ZdmqHDGsRsbBz7A== +"@types/node@^14.11.1": + version "14.11.1" + resolved "https://registry.yarnpkg.com/@types/node/-/node-14.11.1.tgz#56af902ad157e763f9ba63d671c39cda3193c835" + integrity sha512-oTQgnd0hblfLsJ6BvJzzSL+Inogp3lq9fGgqRkMB/ziKMgEUaFl801OncOzUmalfzt14N0oPHMK47ipl+wbTIw== + "@types/node@^8.0.7": version "8.10.50" resolved "https://registry.yarnpkg.com/@types/node/-/node-8.10.50.tgz#f3d68482b1f54b5f4fba8daaac385db12bb6a706" @@ -4553,6 +4558,21 @@ file-loader@~6.0.0: loader-utils "^2.0.0" schema-utils "^2.6.5" +file-match@^1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/file-match/-/file-match-1.0.2.tgz#c9cad265d2c8adf3a81475b0df475859069faef7" + integrity sha1-ycrSZdLIrfOoFHWw30dYWQafrvc= + dependencies: + utils-extend "^1.0.6" + +file-system@^2.2.2: + version "2.2.2" + resolved "https://registry.yarnpkg.com/file-system/-/file-system-2.2.2.tgz#7d65833e3a2347dcd956a813c677153ed3edd987" + integrity sha1-fWWDPjojR9zZVqgTxncVPtPt2Yc= + dependencies: + file-match "^1.0.1" + utils-extend "^1.0.4" + file-type@^10.10.0: version "10.11.0" resolved "https://registry.yarnpkg.com/file-type/-/file-type-10.11.0.tgz#2961d09e4675b9fb9a3ee6b69e9cd23f43fd1890" @@ -11330,6 +11350,11 @@ util@^0.11.0: dependencies: inherits "2.0.3" +utils-extend@^1.0.4, utils-extend@^1.0.6: + version "1.0.8" + resolved "https://registry.yarnpkg.com/utils-extend/-/utils-extend-1.0.8.tgz#ccfd7b64540f8e90ee21eec57769d0651cab8a5f" + integrity sha1-zP17ZFQPjpDuIe7Fd2nQZRyril8= + utils-merge@1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/utils-merge/-/utils-merge-1.0.1.tgz#9f95710f50a267947b2ccc124741c1028427e713"