ignatandrei / console_to_saas Goto Github PK
View Code? Open in Web Editor NEWA book where you can learn how to build a SAAS product incrementally
Home Page: https://ignatandrei.github.io/console_to_saas/
License: MIT License
A book where you can learn how to build a SAAS product incrementally
Home Page: https://ignatandrei.github.io/console_to_saas/
License: MIT License
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-9.0.2.tgz
Path to dependency file: /tmp/ws-scm/console_to_saas/print/package.json
Path to vulnerable library: /tmp/ws-scm/console_to_saas/print/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: e88b87616d135a822e33bdc35d9eb66662e231f7
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --foo.proto.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Publish Date: 2020-05-01
URL: WS-2020-0068
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/package/yargs-parser
Release Date: 2020-05-04
Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1
Step up your Open Source Security Game with WhiteSource here
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Path to dependency file: /print/package.json
Path to vulnerable library: /print/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in base branch: master
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: 2022-10-17
URL: CVE-2022-3517
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
Modify Chapter 01 - readme in order to be happy.
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-9.0.2.tgz
Path to dependency file: /tmp/ws-scm/console_to_saas/print/package.json
Path to vulnerable library: /tmp/ws-scm/console_to_saas/print/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: e88b87616d135a822e33bdc35d9eb66662e231f7
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
Step up your Open Source Security Game with WhiteSource here
review chapter 07 web app code
Here's the Weekly Digest for ignatandrei/console_to_saas:
This week, no issues have been created or closed.
This week, no pull requests has been proposed by the users.
This week, no user has contributed to this repository.
This week, no user has starred this repository.
This week, there have been no commits.
This week, no releases were published.
That's all for this week, please watch ๐ and star โญ ignatandrei/console_to_saas to receive next weekly updates. ๐
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
And on PDF
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
Syntax highlighting with language autodetection.
Library home page: https://registry.npmjs.org/highlight.js/-/highlight.js-9.18.3.tgz
Path to dependency file: /print/package.json
Path to vulnerable library: /print/node_modules/highlight.js/package.json
Dependency Hierarchy:
Found in base branch: master
If are you are using Highlight.js to highlight user-provided data you are possibly vulnerable. On the client-side (in a browser or Electron environment) risks could include lengthy freezes or crashes... On the server-side infinite freezes could occur... effectively preventing users from accessing your app or service (ie, Denial of Service). This is an issue with grammars shipped with the parser (and potentially 3rd party grammars also), not the parser itself. If you are using Highlight.js with any of the following grammars you are vulnerable. If you are using highlightAuto to detect the language (and have any of these grammars registered) you are vulnerable.
Publish Date: 2020-12-04
URL: WS-2020-0208
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
In readme exists
Authors Andrei & Daniel
Please put something more profi
Higher-order functions and common patterns for asynchronous code
Library home page: https://registry.npmjs.org/async/-/async-1.5.2.tgz
Path to dependency file: /print/package.json
Path to vulnerable library: /print/node_modules/async/package.json
Dependency Hierarchy:
Found in base branch: master
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
Publish Date: 2022-04-06
URL: CVE-2021-43138
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43138
Release Date: 2022-04-06
Fix Resolution: async - 2.6.4,3.2.2
Step up your Open Source Security Game with Mend here
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
Client-side form validation made easy
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.js
Path to vulnerable library: /docs/sources/Chapter07/Chapter07/FastExtractDocumentMetadata/FastExtractor.Web/wwwroot/lib/jquery-validation/dist/jquery.validate.js,/Chapter07/FastExtractDocumentMetadata/FastExtractor.Web/wwwroot/lib/jquery-validation/dist/jquery.validate.js
Dependency Hierarchy:
Client-side form validation made easy
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.min.js
Path to vulnerable library: /docs/sources/Chapter07/Chapter07/FastExtractDocumentMetadata/FastExtractor.Web/wwwroot/lib/jquery-validation/dist/jquery.validate.min.js,/Chapter07/FastExtractDocumentMetadata/FastExtractor.Web/wwwroot/lib/jquery-validation/dist/jquery.validate.min.js
Dependency Hierarchy:
Found in base branch: master
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Publish Date: 2021-01-13
URL: CVE-2021-21252
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jxwx-85vp-gvwm
Release Date: 2021-01-13
Fix Resolution: jquery-validation - 1.19.3
Step up your Open Source Security Game with Mend here
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
adaugat linkuri pentru
Identity Server
2FA
Authentication / Authorization in .NET Core
Here's the Weekly Digest for ignatandrei/console_to_saas:
Last week, no issues were created.
Last week, no pull requests were created, updated or merged.
Last week there were no commits.
Last week there were no contributors.
Last week there were no stargazers.
Last week there were no releases.
That's all for last week, please ๐ Watch and โญ Star the repository ignatandrei/console_to_saas to receive next weekly updates. ๐
You can also view all Weekly Digests by clicking here.
Your Weekly Digest bot. ๐
add version time stamp to the footer of each page
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.