finos / finos-deg Goto Github PK

2.0 5.0 4.0 826 KB

Repository for FINOS Decentralized Growth Program Documentation Site

JavaScript 96.78% CSS 3.22%

finos-deg's Introduction

FINOS DEG

FINOS Decentralized Ecosystem is a community-led initiative that ...

This repository contains the object definitions and the logic to publish its documentation on decentralized.finos.org, where you can find out how to use the objects or contribute to the project.

If you want to build and contribute to this repository, checkout the website README

If you want to check the objects source code, browse the src/objects folder.

Contributing

Fork it (https://github.com/finos-deg/finos-deg.github.io/fork)
Create your feature branch (git checkout -b feature/fooBar)
Read our contribution guidelines and Community Code of Conduct
Commit your changes (git commit -am 'Add some fooBar')
Push to the branch (git push origin feature/fooBar)
Create a new Pull Request

NOTE: Commits and pull requests to FINOS repositories will only be accepted from those contributors with an active, executed Individual Contributor License Agreement (ICLA) with FINOS OR who are covered under an existing and active Corporate Contribution License Agreement (CCLA) executed with FINOS. Commits from individuals not covered under an ICLA or CCLA will be flagged and blocked by the FINOS Clabot tool. Please note that some CCLAs require individuals/employees to be explicitly named on the CCLA.

Need an ICLA? Unsure if you are covered under an existing CCLA? Email [email protected]

License

Distributed under the Apache License, Version 2.0.

License

Distributed under the Apache License, Version 2.0.

finos-deg's People

Contributors

Stargazers

Watchers

Forkers

amberella grizzwolf maoo brooklynrob

finos-deg's Issues

WS-2019-0381 (Medium) detected in kind-of-6.0.2.tgz

WS-2019-0381 - Medium Severity Vulnerability

Vulnerable Library - kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /finos-deg/website/package.json

Path to vulnerable library: /tmp/git/finos-deg/website/node_modules/kind-of/package.json

Dependency Hierarchy:

docusaurus-1.12.0.tgz (Root Library)
- react-dev-utils-9.0.3.tgz
  - fork-ts-checker-webpack-plugin-1.5.0.tgz
    - micromatch-3.1.10.tgz
      - ❌ kind-of-6.0.2.tgz (Vulnerable Library)

Vulnerability Details

Versions of kind-of 6.x prior to 6.0.3 are vulnerable to a Validation Bypass. A maliciously crafted object can alter the result of the type check, allowing attackers to bypass the type checking validation.

Publish Date: 2020-03-18

URL: WS-2019-0381

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: jonschlinkert/kind-of@975c13a

Release Date: 2020-03-18

Fix Resolution: kind-of - 6.0.3

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

Vulnerable Libraries - kind-of-4.0.0.tgz, kind-of-6.0.2.tgz, kind-of-3.2.2.tgz, kind-of-5.1.0.tgz

kind-of-4.0.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz

Path to dependency file: /finos-deg/website/package.json

Path to vulnerable library: /tmp/git/finos-deg/website/node_modules/has-values/node_modules/kind-of/package.json

Dependency Hierarchy:

docusaurus-1.12.0.tgz (Root Library)
- react-dev-utils-9.0.3.tgz
  - fork-ts-checker-webpack-plugin-1.5.0.tgz
    - micromatch-3.1.10.tgz
      - snapdragon-0.8.2.tgz
        
        base-0.11.2.tgz
        
        cache-base-1.0.1.tgz
        
        has-value-1.0.0.tgz
        
        has-values-1.0.0.tgz
        
        ❌ kind-of-4.0.0.tgz (Vulnerable Library)

kind-of-6.0.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz

Path to dependency file: /finos-deg/website/package.json

Path to vulnerable library: /tmp/git/finos-deg/website/node_modules/kind-of/package.json

Dependency Hierarchy:

docusaurus-1.12.0.tgz (Root Library)
- react-dev-utils-9.0.3.tgz
  - fork-ts-checker-webpack-plugin-1.5.0.tgz
    - micromatch-3.1.10.tgz
      - ❌ kind-of-6.0.2.tgz (Vulnerable Library)

kind-of-3.2.2.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz

Path to dependency file: /finos-deg/website/package.json

Path to vulnerable library: /tmp/git/finos-deg/website/node_modules/is-data-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

docusaurus-1.12.0.tgz (Root Library)
- markdown-toc-1.2.0.tgz
  - list-item-1.1.1.tgz
    - is-number-2.1.0.tgz
      - ❌ kind-of-3.2.2.tgz (Vulnerable Library)

kind-of-5.1.0.tgz

Get the native type of a value.

Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz

Path to dependency file: /finos-deg/website/package.json

Path to vulnerable library: /tmp/git/finos-deg/website/node_modules/is-descriptor/node_modules/kind-of/package.json

Dependency Hierarchy:

docusaurus-1.12.0.tgz (Root Library)
- react-dev-utils-9.0.3.tgz
  - fork-ts-checker-webpack-plugin-1.5.0.tgz
    - micromatch-3.1.10.tgz
      - snapdragon-0.8.2.tgz
        
        define-property-0.2.5.tgz
        
        is-descriptor-0.1.6.tgz
        
        ❌ kind-of-5.1.0.tgz (Vulnerable Library)

Vulnerability Details

ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.

Publish Date: 2019-12-30

URL: CVE-2019-20149

CVSS 2 Score Details (5.0)

Base Score Metrics not available

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /finos-deg/website/package.json

Path to vulnerable library: /tmp/git/finos-deg/website/node_modules/lodash/package.json

Dependency Hierarchy:

docusaurus-1.12.0.tgz (Root Library)
- ❌ lodash-4.17.15.tgz (Vulnerable Library)

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

finos / finos-deg Goto Github PK

finos-deg's Introduction

FINOS DEG

Contributing

License

License

finos-deg's People

Contributors

Stargazers

Watchers

Forkers

finos-deg's Issues

WS-2019-0381 (Medium) detected in kind-of-6.0.2.tgz

WS-2019-0381 - Medium Severity Vulnerability

CVE-2019-20149 (Medium) detected in multiple libraries

CVE-2019-20149 - Medium Severity Vulnerability

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent