
aid's People

Contributors

cconstance, dependabot-preview[bot], dependabot[bot], imgbot[bot], xzyaoi


aid's Issues

Dependabot can't parse your go.mod

Dependabot couldn't parse the go.mod found at /components/cmd/go.mod.

The error Dependabot encountered was:

go: github.com/flosch/[email protected] requires
	gopkg.in/[email protected]: invalid version: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /opt/go/gopath/pkg/mod/cache/vcs/7999e2beb88d49c16df3019dc281fbfef947b52d6454ecb8905b12aea326f558: exit status 128:
	fatal: The remote end hung up unexpectedly

View the update logs.

Default port when running a repo

As finished in #5, if users do not assign a port to run, it will fail.
We'd better set a default port to run on, and save the last port that was used to run.

WS-2018-0021 (Medium) detected in bootstrap-3.3.5.min.js

WS-2018-0021 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

  • bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: ebabefe22bb0b8eb44a94df17b9732555b41c9a5

Vulnerability Details

XSS in data-target in bootstrap (3.3.7 and before)

Publish Date: 2017-06-27

URL: WS-2018-0021

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#20184

Release Date: 2019-06-12

Fix Resolution: 3.4.0


Step up your Open Source Security Game with WhiteSource here

CVE-2012-6708 (Medium) detected in jquery-1.7.1.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html

Path to vulnerable library: /AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html,/AID/components/dashboard/node_modules/sockjs/examples/multiplex/index.html,/AID/components/dashboard/node_modules/sockjs/examples/echo/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express-3.x/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 9beab770a57554f03cb75663a8da65300c1a8473

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0


CVE-2015-9251 (Medium) detected in jquery-1.7.1.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html

Path to vulnerable library: /AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html,/AID/components/dashboard/node_modules/sockjs/examples/multiplex/index.html,/AID/components/dashboard/node_modules/sockjs/examples/echo/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express-3.x/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 9beab770a57554f03cb75663a8da65300c1a8473

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0


CVE-2020-11022 (Medium) detected in multiple libraries

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.1.4.min.js, jquery-1.7.1.min.js, jquery-3.2.1.min.js

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/examples/basic_angular.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/examples/basic_angular.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/sockjs/examples/express-3.x/index.html

Path to vulnerable library: /AID/docs/node_modules/sockjs/examples/express-3.x/index.html,/AID/docs/node_modules/sockjs/examples/echo/index.html,/AID/components/dashboard/node_modules/sockjs/examples/echo/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express-3.x/index.html,/AID/docs/node_modules/sockjs/examples/multiplex/index.html,/AID/docs/node_modules/sockjs/examples/hapi/html/index.html,/AID/docs/node_modules/sockjs/examples/express/index.html,/AID/components/dashboard/node_modules/sockjs/examples/multiplex/index.html,/AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

jquery-3.2.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/examples/basic_jquery.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/examples/basic_jquery.html

Dependency Hierarchy:

  • jquery-3.2.1.min.js (Vulnerable Library)

Found in HEAD commit: b527984278cc3e48be895a49abe9a38080917165

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0


CVE-2020-7608 (Medium) detected in yargs-parser-10.1.0.tgz, yargs-parser-11.1.1.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-10.1.0.tgz, yargs-parser-11.1.1.tgz

yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/ts-jest/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • cli-plugin-unit-jest-4.2.3.tgz (Root Library)
    • ts-jest-24.3.0.tgz
      • yargs-parser-10.1.0.tgz (Vulnerable Library)

yargs-parser-11.1.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/webpack-dev-server/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • cli-service-4.2.3.tgz (Root Library)
    • webpack-dev-server-3.10.3.tgz
      • yargs-12.0.5.tgz
        • yargs-parser-11.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 1a9a5ff2852ee620d58ff71999319ee09c74714c

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: 18.1.1; 13.1.2; 15.0.1


CVE-2018-14042 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2018-14042 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

  • bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 708c0f68e8540b044f2c44c3ef7e7aff2e34dfef

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

Publish Date: 2018-07-13

URL: CVE-2018-14042

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2, org.webjars:bootstrap:4.1.2


CVE-2019-8331 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2019-8331 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

  • bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 708c0f68e8540b044f2c44c3ef7e7aff2e34dfef

Vulnerability Details

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Publish Date: 2019-02-20

URL: CVE-2019-8331

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#28236

Release Date: 2019-02-20

Fix Resolution: bootstrap - 3.4.1, 4.3.1; bootstrap-sass - 3.4.1, 4.3.1


WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/AID/components/discovery/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/discovery/node_modules/lodash/package.json

Dependency Hierarchy:

  • test-utils-1.0.0-beta.33.tgz (Root Library)
    • lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: be66f4648fce0f7128d856edc6ff52317631371d

Vulnerability Details

A prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype.

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Dependency deprecation warning: @types/winston (npm)

On registry https://registry.npmjs.org/, the "latest" version (v2.4.4) of dependency @types/winston has the following deprecation notice:

This is a stub types definition. winston provides its own type definitions, so you do not need this installed.

Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author if you think this is a mistake.

Affected package file(s): discovery/package.json

If you don't care about this, you can close this issue and not be warned about @types/winston's deprecation again. If you would like to completely disable all future deprecation warnings then add the following to your config:

"suppressNotifications": ["deprecationWarningIssues"]

Dependabot can't resolve your Python dependency files

Dependabot can't resolve your Python dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Creating virtualenv mlserve-Cn3uyFiU-py3.8 in /home/dependabot/.cache/pypoetry/virtualenvs
Updating dependencies
Resolving dependencies...

[PackageNotFound]
Package more-itertools (8.1.0) not found.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

View the update logs.

WS-2020-0042 (Medium) detected in acorn-5.7.3.tgz, acorn-6.4.0.tgz

WS-2020-0042 - Medium Severity Vulnerability

Vulnerable Libraries - acorn-5.7.3.tgz, acorn-6.4.0.tgz

acorn-5.7.3.tgz

ECMAScript parser

Library home page: https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/jsdom/node_modules/acorn/package.json

Dependency Hierarchy:

  • cli-plugin-unit-jest-4.2.3.tgz (Root Library)
    • jest-24.9.0.tgz
      • jest-cli-24.9.0.tgz
        • jest-config-24.9.0.tgz
          • jest-environment-jsdom-24.9.0.tgz
            • jsdom-11.12.0.tgz
              • acorn-5.7.3.tgz (Vulnerable Library)

acorn-6.4.0.tgz

ECMAScript parser

Library home page: https://registry.npmjs.org/acorn/-/acorn-6.4.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/acorn/package.json

Dependency Hierarchy:

  • cli-plugin-babel-4.2.3.tgz (Root Library)
    • webpack-4.42.0.tgz
      • acorn-6.4.0.tgz (Vulnerable Library)

Found in HEAD commit: bb75fb3fec700537a57fec11c71829ab95b68b8b

Vulnerability Details

acorn is vulnerable to regular expression denial of service (ReDoS). A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. Attackers may leverage the vulnerability to cause a denial of service, since the string is not valid UTF-16, which results in it being sanitized before reaching the parser.

Publish Date: 2020-03-08

URL: WS-2020-0042

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1488

Release Date: 2020-03-08

Fix Resolution: 7.1.1


dataset search

WS-2017-0120 (High) detected in angular-1.4.2.min.js

WS-2017-0120 - High Severity Vulnerability

Vulnerable Library - angular-1.4.2.min.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_angular.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_angular.html,/AID/docs/node_modules/autocomplete.js/examples/basic_angular.html

Dependency Hierarchy:

  • angular-1.4.2.min.js (Vulnerable Library)

Found in HEAD commit: 708c0f68e8540b044f2c44c3ef7e7aff2e34dfef

Vulnerability Details

No proper sanitization of xlink:href attribute interpolation, thus vulnerable to Cross-site Scripting (XSS).

Publish Date: 2017-01-20

URL: WS-2017-0120

CVSS 2 Score Details (7.8)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: angular/angular.js@f33ce17

Release Date: 2015-09-18

Fix Resolution: Replace or update the following files: compileSpec.js, compile.js


Better Log Handler

CVE-2020-7598 (High) detected in minimist-0.0.8.tgz, minimist-1.2.0.tgz

CVE-2020-7598 - High Severity Vulnerability

Vulnerable Libraries - minimist-0.0.8.tgz, minimist-1.2.0.tgz

minimist-0.0.8.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/mkdirp/node_modules/minimist/package.json

Dependency Hierarchy:

  • eslint-6.8.0.tgz (Root Library)
    • mkdirp-0.5.1.tgz
      • minimist-0.0.8.tgz (Vulnerable Library)

minimist-1.2.0.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/cypress/node_modules/minimist/package.json

Dependency Hierarchy:

  • cli-plugin-e2e-cypress-4.2.3.tgz (Root Library)
    • cypress-3.8.3.tgz
      • minimist-1.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 64ca3e674753dfec19b97ea0d2cbe5277da24b08

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.2


CVE-2019-11358 (Medium) detected in jquery-1.11.1.min.js, jquery-1.12.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.11.1.min.js, jquery-1.12.4.min.js

jquery-1.11.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Path to vulnerable library: /AID/components/dashboard/node_modules/@babel/compat-data/build/compat-table/esnext/compiler-skeleton.html

Dependency Hierarchy:

  • jquery-1.11.1.min.js (Vulnerable Library)

jquery-1.12.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/node_modules/@babel/compat-data/build/compat-table/es5/index.html

Path to vulnerable library: /AID/components/dashboard/node_modules/@babel/compat-data/build/compat-table/es5/index.html,/AID/components/dashboard/node_modules/@babel/compat-data/build/compat-table/es6/skeleton.html

Dependency Hierarchy:

  • jquery-1.12.4.min.js (Vulnerable Library)

Found in HEAD commit: bbccc7556511b231aacb67d2e7a5d0a1c22707ea

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0


WS-2016-0090 (Medium) detected in jquery-1.7.1.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html

Path to vulnerable library: /AID/components/dashboard/node_modules/sockjs/examples/hapi/html/index.html,/AID/components/dashboard/node_modules/sockjs/examples/multiplex/index.html,/AID/components/dashboard/node_modules/sockjs/examples/echo/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express-3.x/index.html,/AID/components/dashboard/node_modules/sockjs/examples/express/index.html

Dependency Hierarchy:

  • jquery-1.7.1.min.js (Vulnerable Library)

Found in HEAD commit: 9beab770a57554f03cb75663a8da65300c1a8473

Vulnerability Details

jQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via a text/javascript response, leading to arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0


CVE-2020-8116 (Medium) detected in dot-prop-4.2.0.tgz

CVE-2020-8116 - Medium Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/dot-prop/package.json

Dependency Hierarchy:

  • cli-service-4.1.2.tgz (Root Library)
    • optimize-cssnano-plugin-1.0.6.tgz
      • cssnano-preset-default-4.0.7.tgz
        • postcss-merge-rules-4.0.3.tgz
          • postcss-selector-parser-3.1.1.tgz
            • dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: b83ba7401986acc0324277d0e15d0cc4361910ed

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1


CVE-2020-6817 (Medium) detected in bleach-3.1.3-py2.py3-none-any.whl

CVE-2020-6817 - Medium Severity Vulnerability

Vulnerable Library - bleach-3.1.3-py2.py3-none-any.whl

An easy safelist-based HTML-sanitizing tool.

Library home page: https://files.pythonhosted.org/packages/b6/89/dbd5e87a9d990f05a571deabd77c297f6b45213a16b177b76515c73878c5/bleach-3.1.3-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/AID/components/mlserve/requirements.txt

Path to vulnerable library: /tmp/ws-scm/AID/components/mlserve/requirements.txt

Dependency Hierarchy:

  • readme_renderer-25.0-py2.py3-none-any.whl (Root Library)
    • bleach-3.1.3-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 5f4a4e30a41b55f7f5d26a70a797a3e75682fe92

Vulnerability Details

A regular expression denial-of-service (ReDoS) found in Bleach before 3.1.4.

Publish Date: 2020-04-01

URL: CVE-2020-6817

CVSS 3 Score Details (4.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://github.com/mozilla/bleach/releases/tag/v3.1.4

Release Date: 2020-04-01

Fix Resolution: bleach - 3.1.4


SDKs

We'd better have several SDKs for users to adopt. I am going to implement Go, JavaScript and Python SDKs.

Not Found does not disappear when changing to another source

About allowed suffix before requests.

    # @deprecated function, now we don't check if suffix is allowed, because there
    # are too many different file formats.
    # If users really need this function, please either:
    # uncomment the `if file and allowed_file(file.filename, 'infer')` line and add your file suffix, or
    # use another server to make sure certain file suffixes are allowed.
    # In the near future, this will be added as an optional feature, and allow users to add allowed
    # suffixes with the CLI and dashboard.
    # if file and allowed_file(file.filename, 'infer'):
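A per-category suffix allowlist of the kind the commented-out check refers to, written as an added example and not the project's own code; the function name allowed_file, the category names and the suffix sets are assumptions, and the check uses only the final suffix after stripping directories and control characters.

```python
"""Per-category file-suffix allowlist for uploads (constructed example)."""
import os
import posixpath
import unicodedata

# Constructed allowlist: which suffixes each upload category accepts.
# A real deployment would load this from configuration, as the issue proposes.
ALLOWED_SUFFIXES = {
    "infer": {"jpg", "jpeg", "png", "bin", "npy"},
    "dataset": {"csv", "parquet", "zip"},
}


def safe_basename(filename: str) -> str:
    """Strip directory components so '../../etc/passwd' becomes 'passwd'.

    Backslashes are treated as separators too, so a Windows-style path
    cannot smuggle a directory prefix past a POSIX basename.
    """
    name = unicodedata.normalize("NFKC", filename)   # fold fullwidth dots etc.
    name = name.replace("\\", "/")
    return posixpath.basename(name).rstrip(" .")     # Windows ignores trailing ' .'


def allowed_file(filename: str, category: str) -> bool:
    """Return True only if the final suffix is allowlisted for `category`.

    Case-insensitive; judges 'model.tar.gz' on 'gz', not 'tar'; denies
    unknown categories, dotfiles, empty suffixes and control characters
    (a NUL byte could make a lower layer see a different name).
    """
    allowed = ALLOWED_SUFFIXES.get(category)
    if not allowed:
        return False  # unknown category: deny by default
    name = safe_basename(filename)
    if not name or name in (".", "..") or any(ord(c) < 32 for c in name):
        return False
    root, ext = os.path.splitext(name)
    # '.gitignore' splits to ('.gitignore', ''); 'model.' leaves ext '.'
    if not root or len(ext) < 2:
        return False
    return ext[1:].lower() in allowed
```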

CVE-2018-14040 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2018-14040 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

  • bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 708c0f68e8540b044f2c44c3ef7e7aff2e34dfef

Vulnerability Details

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.

Publish Date: 2018-07-13

URL: CVE-2018-14040

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: twbs/bootstrap#26630

Release Date: 2018-07-13

Fix Resolution: org.webjars.npm:bootstrap:4.1.2; org.webjars:bootstrap:4.1.2



CVE-2018-20677 (Medium) detected in bootstrap-3.3.5.min.js

CVE-2018-20677 - Medium Severity Vulnerability

Vulnerable Library - bootstrap-3.3.5.min.js

The most popular front-end framework for developing responsive, mobile first projects on the web.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_jquery.html

Dependency Hierarchy:

  • bootstrap-3.3.5.min.js (Vulnerable Library)

Found in HEAD commit: 708c0f68e8540b044f2c44c3ef7e7aff2e34dfef

Vulnerability Details

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.

Publish Date: 2019-01-09

URL: CVE-2018-20677

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677

Release Date: 2019-01-09

Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0



WS-2020-0068 (Medium) detected in multiple libraries

WS-2020-0068 - Medium Severity Vulnerability

Vulnerable Libraries - yargs-parser-10.1.0.tgz, yargs-parser-13.1.2.tgz, yargs-parser-11.1.1.tgz

yargs-parser-10.1.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/ts-jest/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • cli-plugin-unit-jest-4.3.1.tgz (Root Library)
    • ts-jest-24.3.0.tgz
      • yargs-parser-10.1.0.tgz (Vulnerable Library)

yargs-parser-13.1.2.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/discovery/node_modules/yargs-parser/package.json,/tmp/ws-scm/AID/components/discovery/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • cli-plugin-unit-jest-4.3.1.tgz (Root Library)
    • jest-24.9.0.tgz
      • jest-cli-24.9.0.tgz
        • yargs-13.3.2.tgz
          • yargs-parser-13.1.2.tgz (Vulnerable Library)

yargs-parser-11.1.1.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/dashboard/node_modules/webpack-dev-server/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • cli-service-4.3.1.tgz (Root Library)
    • webpack-dev-server-3.10.3.tgz
      • yargs-12.0.5.tgz
        • yargs-parser-11.1.1.tgz (Vulnerable Library)

Found in HEAD commit: 250ec4f7643616485363161bde87daf930054c88

Vulnerability Details

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--foo.__proto__.bar baz'` adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.

Publish Date: 2020-05-01

URL: WS-2020-0068

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/yargs-parser

Release Date: 2020-05-04

Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1



CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-3.2.2.tgz, kind-of-4.0.0.tgz, kind-of-5.1.0.tgz

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/discovery/node_modules/to-object-path/node_modules/kind-of/package.json,/tmp/ws-scm/AID/components/discovery/node_modules/to-object-path/node_modules/kind-of/package.json

Dependency Hierarchy:

  • cli-plugin-babel-4.1.2.tgz (Root Library)
    • webpack-4.41.5.tgz
      • micromatch-3.1.10.tgz
        • snapdragon-0.8.2.tgz
          • base-0.11.2.tgz
            • class-utils-0.3.6.tgz
              • static-extend-0.1.2.tgz
                • object-copy-0.1.0.tgz
                  • kind-of-3.2.2.tgz (Vulnerable Library)

kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/discovery/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/discovery/node_modules/has-values/node_modules/kind-of/package.json,/tmp/ws-scm/AID/components/discovery/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

  • cli-plugin-babel-4.1.2.tgz (Root Library)
    • webpack-4.41.5.tgz
      • micromatch-3.1.10.tgz
        • snapdragon-0.8.2.tgz
          • base-0.11.2.tgz
            • cache-base-1.0.1.tgz
              • has-value-1.0.0.tgz
                • has-values-1.0.0.tgz
                  • kind-of-4.0.0.tgz (Vulnerable Library)

kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /tmp/ws-scm/AID/components/dashboard/package.json

Path to vulnerable library: /tmp/ws-scm/AID/components/discovery/node_modules/is-descriptor/node_modules/kind-of/package.json,/tmp/ws-scm/AID/components/discovery/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

  • cli-plugin-babel-4.1.2.tgz (Root Library)
    • webpack-4.41.5.tgz
      • micromatch-3.1.10.tgz
        • snapdragon-0.8.2.tgz
          • define-property-0.2.5.tgz
            • is-descriptor-0.1.6.tgz
              • kind-of-5.1.0.tgz (Vulnerable Library)

Found in HEAD commit: 9beab770a57554f03cb75663a8da65300c1a8473

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available



WS-2019-0367 (Medium) detected in angular-1.4.2.min.js

WS-2019-0367 - Medium Severity Vulnerability

Vulnerable Library - angular-1.4.2.min.js

AngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.

Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js

Path to dependency file: /tmp/ws-scm/AID/docs/node_modules/autocomplete.js/test/playground_angular.html

Path to vulnerable library: /AID/docs/node_modules/autocomplete.js/test/playground_angular.html,/AID/docs/node_modules/autocomplete.js/examples/basic_angular.html

Dependency Hierarchy:

  • angular-1.4.2.min.js (Vulnerable Library)

Found in HEAD commit: 708c0f68e8540b044f2c44c3ef7e7aff2e34dfef

Vulnerability Details

Prototype Pollution vulnerability found in Angular before 1.7.9.

Publish Date: 2020-01-08

URL: WS-2019-0367

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/angular/angular.js/blob/master/CHANGELOG.md#179-pollution-eradication-2019-11-19

Release Date: 2020-01-08

Fix Resolution: angular - 1.7.9


