hammondjm / webgoat Goto Github PK
View Code? Open in Web Editor NEWThis project forked from webgoat/webgoat
WebGoat is a deliberately insecure application
Home Page: https://webgoat.github.io/WebGoat/
License: Other
This project forked from webgoat/webgoat
WebGoat is a deliberately insecure application
Home Page: https://webgoat.github.io/WebGoat/
License: Other
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.3/jquery.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/jquery.easing/example/demo.html
Path to vulnerable library: /WebGoat/docs/node_modules/jquery.easing/example/demo.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/js-base64/test/index.html
Path to vulnerable library: /WebGoat/docs/node_modules/js-base64/test/index.html,/WebGoat/docs/node_modules/jquery.easing/example/example.html,/WebGoat/webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/WebGoat/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Path to vulnerable library: /WebGoat/webgoat-container/src/main/resources/static/js/libs/jquery.min.js,/WebGoat/webgoat-container/target/classes/static/js/libs/jquery.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /WebGoat/docs/node_modules/jquery/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1
Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.
Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/mixin-deep/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-08-23
URL: CVE-2019-10746
Base Score Metrics:
Type: Upgrade version
Origin: jonschlinkert/mixin-deep@8f464c8
Release Date: 2019-07-11
Fix Resolution: 1.3.2,2.0.1
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.
Publish Date: 2018-12-04
URL: CVE-2018-19837
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19837
Fix Resolution: 3.5.5
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-11698
Release Date: 2018-06-04
Fix Resolution: Libsass-3.6.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.3/jquery.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/jquery.easing/example/demo.html
Path to vulnerable library: /WebGoat/docs/node_modules/jquery.easing/example/demo.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/js-base64/test/index.html
Path to vulnerable library: /WebGoat/docs/node_modules/js-base64/test/index.html,/WebGoat/docs/node_modules/jquery.easing/example/example.html,/WebGoat/webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/WebGoat/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Path to vulnerable library: /WebGoat/webgoat-container/src/main/resources/static/js/libs/jquery.min.js,/WebGoat/webgoat-container/target/classes/static/js/libs/jquery.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /WebGoat/docs/node_modules/jquery/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /WebGoat/webgoat-container/target/classes/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-container/src/main/resources/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
like `chown -R`
Library home page: https://registry.npmjs.org/chownr/-/chownr-1.0.1.tgz
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
Publish Date: 2020-06-15
URL: CVE-2017-18869
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18869
Release Date: 2020-06-15
Fix Resolution: 1.1.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /WebGoat/webgoat-container/target/classes/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-container/src/main/resources/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/mkdirp/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.3
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/gulp-uglify/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-23
Fix Resolution: lodash - 4.17.19
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /WebGoat/webgoat-container/target/classes/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-container/src/main/resources/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Publish Date: 2019-01-09
URL: CVE-2016-10735
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#20184
Release Date: 2019-01-09
Fix Resolution: 3.4.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Release Date: 2018-12-04
Fix Resolution: Libsass:3.6.0
Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.17.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.
Publish Date: 2019-05-07
URL: CVE-2019-10742
Base Score Metrics:
Type: Upgrade version
Origin: axios/axios#1098
Release Date: 2019-05-31
Fix Resolution: 0.19.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.2.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /WebGoat/docs/node_modules/bootstrap/package.json
Dependency Hierarchy:
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /WebGoat/webgoat-container/target/classes/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-container/src/main/resources/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#28236
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
Base Score Metrics:
Type: Upgrade version
Origin: sass/libsass#2664
Release Date: 2018-06-04
Fix Resolution: Libsass:3.5.3, Node-sass:4.9.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.3/jquery.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/jquery.easing/example/demo.html
Path to vulnerable library: /WebGoat/docs/node_modules/jquery.easing/example/demo.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/js-base64/test/index.html
Path to vulnerable library: /WebGoat/docs/node_modules/js-base64/test/index.html,/WebGoat/docs/node_modules/jquery.easing/example/example.html,/WebGoat/webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/WebGoat/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/tar/package.json
Dependency Hierarchy:
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-4.4.1.tgz
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).
Publish Date: 2019-04-30
URL: CVE-2018-20834
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20834
Release Date: 2019-04-30
Fix Resolution: tar - 2.2.2,4.4.2
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.3/jquery.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/jquery.easing/example/demo.html
Path to vulnerable library: /WebGoat/docs/node_modules/jquery.easing/example/demo.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/WebGoat/docs/node_modules/js-base64/test/index.html
Path to vulnerable library: /WebGoat/docs/node_modules/js-base64/test/index.html,/WebGoat/docs/node_modules/jquery.easing/example/example.html,/WebGoat/webgoat-container/src/main/resources/static/js/libs/jquery-2.1.4.min.js,/WebGoat/webgoat-container/target/classes/static/js/libs/jquery-2.1.4.min.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-3.3.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /WebGoat/docs/node_modules/jquery/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /WebGoat/webgoat-container/target/classes/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-container/src/main/resources/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11696
Base Score Metrics:
Type: Upgrade version
Origin: sass/libsass#2665
Release Date: 2018-06-04
Fix Resolution: Libsass:3.5.5, Node-sass:4.14.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.1.1/js/bootstrap.min.js
Path to vulnerable library: /WebGoat/webgoat-container/target/classes/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-container/src/main/resources/static/plugins/bootstrap/js/bootstrap.min.js,/WebGoat/webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp
Release Date: 2019-07-01
Fix Resolution: LibSass - 3.6.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190
Release Date: 2018-12-17
Fix Resolution: LibSass - 3.6.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
Base Score Metrics:
Type: Upgrade version
Origin: sass/libsass#2784
Release Date: 2019-08-29
Fix Resolution: LibSass - 3.6.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697
Release Date: 2019-09-01
Fix Resolution: LibSass - 3.6.0
Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.
Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/micromatch/node_modules/braces/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Publish Date: 2018-02-16
URL: WS-2019-0019
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/786
Release Date: 2019-02-21
Fix Resolution: 2.3.1
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/gulp/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821
Release Date: 2019-04-23
Fix Resolution: LibSass - 3.6.0
The Lodash method `_.mergeWith` exported as a module.
Library home page: https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.1.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/lodash.mergewith/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
lodash.mergewith before 4.6.2 is vulnerable to prototype pollution. The function mergeWith() may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2019-08-14
URL: WS-2019-0180
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1071
Release Date: 2019-08-14
Fix Resolution: 4.6.2
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/gulp-uglify/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20149
Release Date: 2019-12-30
Fix Resolution: 6.0.3
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694
Release Date: 2018-06-04
Fix Resolution: LibSass - 3.6.0
Advanced file system stream things
Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/fstream/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Publish Date: 2019-07-02
URL: CVE-2019-13173
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13173
Release Date: 2019-07-02
Fix Resolution: 1.0.12
Another JSON Schema Validator
Library home page: https://registry.npmjs.org/ajv/-/ajv-6.6.2.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/ajv/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)
Publish Date: 2020-07-15
URL: CVE-2020-15366
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
Release Date: 2020-07-15
Fix Resolution: ajv - 6.12.3
A querystring parser that supports nesting and arrays, with a depth limit
Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.
Publish Date: 2017-07-17
URL: CVE-2017-1000048
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000048
Release Date: 2017-07-17
Fix Resolution: 6.0.4,6.1.2,6.2.3,6.3.2
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
Library home page: https://registry.npmjs.org/set-value/-/set-value-2.0.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/set-value/package.json
Dependency Hierarchy:
Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.
Library home page: https://registry.npmjs.org/set-value/-/set-value-0.4.3.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/union-value/node_modules/set-value/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.
Publish Date: 2019-08-23
URL: CVE-2019-10747
Base Score Metrics:
Type: Upgrade version
Origin: jonschlinkert/set-value@95e9d99
Release Date: 2019-07-24
Fix Resolution: 2.0.1,3.0.1
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499
Release Date: 2018-05-26
Fix Resolution: LibSass - 3.6.0
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284
Release Date: 2019-08-06
Fix Resolution: LibSass - 3.6.0
HTTP proxying for the masses
Library home page: https://registry.npmjs.org/http-proxy/-/http-proxy-1.15.2.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/http-proxy/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.
Publish Date: 2020-05-14
URL: WS-2020-0091
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1486
Release Date: 2020-05-26
Fix Resolution: http-proxy - 1.18.1
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797
Release Date: 2018-12-03
Fix Resolution: libsass-3.6.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/gulp-uglify/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/gulp-uglify/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.11.0.tgz
Path to dependency file: /tmp/ws-scm/WebGoat/docs/package.json
Path to vulnerable library: /tmp/ws-scm/WebGoat/docs/node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 03ef13fd3d7830113ef6f26e7405a340c29ca5c1
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-06
Fix Resolution: LibSass - 3.6.3
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.