Code Monkey home page Code Monkey logo

splitterino's Introduction

Build Status Coverage Code Climate maintainability Release Version License

Splitterino

Splitterino is an open-source multi-platform applications for speedrunners (gaming-speedrunners) to time their runs with! It's greatly insprired from existing splitters like LiveSplit, but is build freshly from the ground up with customization in mind.

Splitterino is built ontop Electron and Vue, using TypeScript as the language for a more reliable and stable application.

Usage

To install Splitterino to use it, you should use the installer for your operating system. Download the appropriate installer from the GitHub Releases page and follow the instructions.

Installation

This installation is aimed for developers to work on and test the code.

Required Software:

First, clone the repository to your local machine. The rules for contributing are specified in CONTRIBUTING

Then install all packages via yarn and then serve the application.

yarn
yarn serve

Beware of possible zombie threads when the application is killed via Ctrl+C.

splitterino's People

Contributors

alexatfrink avatar dependabot[bot] avatar mend-bolt-for-github[bot] avatar murbal avatar prefixaut avatar sirchronus avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar

Forkers

wahello

splitterino's Issues

CVE-2018-19838 (Medium) detected in opennms-opennms-source-22.0.1-1

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-22.0.1-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (64)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/console-browserify/test/static/test-adapter.js
  • /splitterino/node_modules/nan/nan_callbacks_pre_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/expand.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/factory.cpp
  • /splitterino/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
  • /splitterino/node_modules/node-sass/src/sass_types/boolean.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/value.h
  • /splitterino/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /splitterino/node_modules/nan/nan_converters_pre_43_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/file.cpp
  • /splitterino/node_modules/nan/nan_persistent_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/operation.hpp
  • /splitterino/node_modules/nan/nan_persistent_pre_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/operators.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/constants.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /splitterino/node_modules/nan/nan_implementation_pre_12_inl.h
  • /splitterino/node_modules/js-base64/.attic/test-moment/./dankogai.js
  • /splitterino/node_modules/node-sass/src/libsass/src/constants.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/list.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/functions.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/util.cpp
  • /splitterino/node_modules/node-sass/src/custom_function_bridge.cpp
  • /splitterino/node_modules/node-sass/src/custom_importer_bridge.h
  • /splitterino/node_modules/node-sass/src/libsass/src/bind.cpp
  • /splitterino/node_modules/nan/nan_json.h
  • /splitterino/node_modules/node-sass/src/libsass/src/eval.hpp
  • /splitterino/node_modules/nan/nan_converters.h
  • /splitterino/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/extend.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /splitterino/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/number.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/color.h
  • /splitterino/node_modules/nan/nan_new.h
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/output.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/null.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /splitterino/node_modules/nan/nan_callbacks.h
  • /splitterino/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/color.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/values.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/list.h
  • /splitterino/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /splitterino/node_modules/nan/nan_define_own_property_helper.h
  • /splitterino/node_modules/js-base64/test/./es5.js
  • /splitterino/node_modules/node-sass/src/sass_types/map.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/context.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/string.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/context.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/boolean.h
  • /splitterino/node_modules/nan/nan_private.h

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7660 (Medium) detected in serialize-javascript-2.1.2.tgz

CVE-2020-7660 - Medium Severity Vulnerability

Vulnerable Library - serialize-javascript-2.1.2.tgz

Serialize JavaScript to a superset of JSON that includes regular expressions and functions.

Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/copy-webpack-plugin/node_modules/serialize-javascript/package.json

Dependency Hierarchy:

  • cli-service-4.4.1.tgz (Root Library)
    • copy-webpack-plugin-5.1.1.tgz
      • serialize-javascript-2.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

Publish Date: 2020-06-01

URL: CVE-2020-7660

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660

Release Date: 2020-06-01

Fix Resolution: serialize-javascript - 3.1.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20190 (Medium) detected in proyector-movil-proyector-movil-windows, opennms-opennms-source-24.1.2-1

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190

Release Date: 2018-12-17

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-6286 (Medium) detected in node-sass-4.14.1.tgz, opennms-opennms-source-22.0.1-1

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /splitterino/node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2019-18797 (Medium) detected in opennms-opennms-source-24.1.2-1

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-24.1.2-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (12)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/node-sass/src/libsass/src/util.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /splitterino/node_modules/node-sass/src/callback_bridge.h
  • /splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
  • /splitterino/node_modules/node-sass/src/sass_context_wrapper.h
  • /splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: LibSass - 3.6.3

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20822 (Medium) detected in opennms-opennms-source-22.0.1-1

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennmsopennms-source-22.0.1-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (64)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/console-browserify/test/static/test-adapter.js
  • /splitterino/node_modules/nan/nan_callbacks_pre_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/expand.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/factory.cpp
  • /splitterino/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
  • /splitterino/node_modules/node-sass/src/sass_types/boolean.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/value.h
  • /splitterino/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /splitterino/node_modules/nan/nan_converters_pre_43_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/file.cpp
  • /splitterino/node_modules/nan/nan_persistent_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/operation.hpp
  • /splitterino/node_modules/nan/nan_persistent_pre_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/operators.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/constants.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /splitterino/node_modules/nan/nan_implementation_pre_12_inl.h
  • /splitterino/node_modules/js-base64/.attic/test-moment/./dankogai.js
  • /splitterino/node_modules/node-sass/src/libsass/src/constants.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/list.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/functions.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/util.cpp
  • /splitterino/node_modules/node-sass/src/custom_function_bridge.cpp
  • /splitterino/node_modules/node-sass/src/custom_importer_bridge.h
  • /splitterino/node_modules/node-sass/src/libsass/src/bind.cpp
  • /splitterino/node_modules/nan/nan_json.h
  • /splitterino/node_modules/node-sass/src/libsass/src/eval.hpp
  • /splitterino/node_modules/nan/nan_converters.h
  • /splitterino/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/extend.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /splitterino/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/number.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/color.h
  • /splitterino/node_modules/nan/nan_new.h
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/output.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/null.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /splitterino/node_modules/nan/nan_callbacks.h
  • /splitterino/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/color.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/values.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/list.h
  • /splitterino/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /splitterino/node_modules/nan/nan_define_own_property_helper.h
  • /splitterino/node_modules/js-base64/test/./es5.js
  • /splitterino/node_modules/node-sass/src/sass_types/map.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/context.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/string.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/context.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/boolean.h
  • /splitterino/node_modules/nan/nan_private.h

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11697 (High) detected in proyector-movil-proyector-movil-windows, CSS::Sass-v3.4.11

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11698 (High) detected in opennms-opennms-source-22.0.1-1

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-22.0.1-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (64)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/console-browserify/test/static/test-adapter.js
  • /splitterino/node_modules/nan/nan_callbacks_pre_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/expand.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/factory.cpp
  • /splitterino/node_modules/js-base64/.attic/test-moment/./yoshinoya.js
  • /splitterino/node_modules/node-sass/src/sass_types/boolean.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/value.h
  • /splitterino/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /splitterino/node_modules/nan/nan_converters_pre_43_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/file.cpp
  • /splitterino/node_modules/nan/nan_persistent_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/operation.hpp
  • /splitterino/node_modules/nan/nan_persistent_pre_12_inl.h
  • /splitterino/node_modules/node-sass/src/libsass/src/operators.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/constants.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /splitterino/node_modules/nan/nan_implementation_pre_12_inl.h
  • /splitterino/node_modules/js-base64/.attic/test-moment/./dankogai.js
  • /splitterino/node_modules/node-sass/src/libsass/src/constants.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/list.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/functions.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/util.cpp
  • /splitterino/node_modules/node-sass/src/custom_function_bridge.cpp
  • /splitterino/node_modules/node-sass/src/custom_importer_bridge.h
  • /splitterino/node_modules/node-sass/src/libsass/src/bind.cpp
  • /splitterino/node_modules/nan/nan_json.h
  • /splitterino/node_modules/node-sass/src/libsass/src/eval.hpp
  • /splitterino/node_modules/nan/nan_converters.h
  • /splitterino/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/extend.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /splitterino/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/number.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/color.h
  • /splitterino/node_modules/nan/nan_new.h
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/output.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/null.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /splitterino/node_modules/nan/nan_callbacks.h
  • /splitterino/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/color.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/values.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/list.h
  • /splitterino/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /splitterino/node_modules/nan/nan_define_own_property_helper.h
  • /splitterino/node_modules/js-base64/test/./es5.js
  • /splitterino/node_modules/node-sass/src/sass_types/map.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/context.cpp
  • /splitterino/node_modules/node-sass/src/sass_types/string.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/context.hpp
  • /splitterino/node_modules/node-sass/src/sass_types/boolean.h
  • /splitterino/node_modules/nan/nan_private.h

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11698

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

Transition from Electron to nwjs

Move away from Electron as the app is getting too complicated with electron while it can be easily solved via nwjs.
Should save up a lot of issues and clear some of the current one.

CVE-2018-11695 (High) detected in opennms-opennms-source-24.1.2-1

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-24.1.2-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (12)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/node-sass/src/libsass/src/util.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /splitterino/node_modules/node-sass/src/callback_bridge.h
  • /splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
  • /splitterino/node_modules/node-sass/src/sass_context_wrapper.h
  • /splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11695

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.6.0;node-sass - 4.13.1

Step up your Open Source Security Game with WhiteSource here

CVE-2020-8116 (High) detected in dot-prop-4.2.0.tgz

CVE-2020-8116 - High Severity Vulnerability

Vulnerable Library - dot-prop-4.2.0.tgz

Get, set, or delete a property from a nested object using a dot path

Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/configstore/node_modules/dot-prop/package.json

Dependency Hierarchy:

  • vue-cli-plugin-electron-builder-1.4.6.tgz (Root Library)
    • electron-builder-21.2.0.tgz
      • update-notifier-3.0.1.tgz
        • configstore-4.0.0.tgz
          • dot-prop-4.2.0.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Publish Date: 2020-02-04

URL: CVE-2020-8116

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

Release Date: 2020-02-04

Fix Resolution: dot-prop - 5.1.1

Step up your Open Source Security Game with WhiteSource here

WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /splitterino/node_modules/lodash/package.json

Dependency Hierarchy:

  • lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19797 (Medium) detected in opennms-opennms-source-24.1.2-1, CSS::Sass-v3.4.11

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2012-6708 (Medium) detected in jquery-1.7.2.min.js

CVE-2012-6708 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html

Path to vulnerable library: /splitterino/node_modules/jmespath/index.html

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

Publish Date: 2018-01-18

URL: CVE-2012-6708

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708

Release Date: 2018-01-18

Fix Resolution: jQuery - v1.9.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-20821 (Medium) detected in multiple libraries

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /splitterino/node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821

Release Date: 2019-04-23

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-19827 (High) detected in opennms-opennms-source-24.1.2-1, CSS::Sass-v3.4.11

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: sass/libsass#2784

Release Date: 2019-08-29

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11499 (High) detected in opennms-opennms-source-22.0.1-1, proyector-movil-proyector-movil-windows

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7598 (Medium) detected in minimist-0.0.10.tgz

CVE-2020-7598 - Medium Severity Vulnerability

Vulnerable Library - minimist-0.0.10.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/optimist/node_modules/minimist/package.json

Dependency Hierarchy:

  • optimist-0.6.1.tgz (Root Library)
    • minimist-0.0.10.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.

Publish Date: 2020-03-11

URL: CVE-2020-7598

CVSS 3 Score Details (5.6)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94

Release Date: 2020-03-11

Fix Resolution: minimist - 0.2.1,1.2.3

Step up your Open Source Security Game with WhiteSource here

CVE-2015-9251 (Medium) detected in jquery-1.7.2.min.js, jquery-2.1.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.7.2.min.js, jquery-2.1.4.min.js

jquery-1.7.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html

Path to vulnerable library: /splitterino/node_modules/jmespath/index.html

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)
jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with WhiteSource here

CVE-2018-11694 (High) detected in opennms-opennms-source-24.1.2-1

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - opennmsopennms-source-24.1.2-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (12)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/node-sass/src/libsass/src/util.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /splitterino/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/functions.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/expand.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /splitterino/node_modules/node-sass/src/callback_bridge.h
  • /splitterino/node_modules/node-sass/src/libsass/src/sass.cpp
  • /splitterino/node_modules/node-sass/src/sass_context_wrapper.h
  • /splitterino/node_modules/node-sass/src/libsass/src/parser.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/eval.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/debugger.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

Styles

General Styles for everything

CVE-2018-19839 (Medium) detected in CSS::Sass-v3.4.11

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - CSS::Sassv3.4.11

Library home page: https://metacpan.org/pod/CSS::Sass

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Library Source Files (60)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /splitterino/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /splitterino/node_modules/node-sass/src/libsass/src/output.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/b64/cencode.h
  • /splitterino/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/utf8.h
  • /splitterino/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/node.hpp
  • /splitterino/node_modules/node-sass/src/libsass/include/sass/base.h
  • /splitterino/node_modules/node-sass/src/libsass/src/json.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/environment.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/position.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/extend.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /splitterino/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/utf8/core.h
  • /splitterino/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /splitterino/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/node.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/listize.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/c99func.c
  • /splitterino/node_modules/node-sass/src/libsass/src/position.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /splitterino/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/paths.hpp
  • /splitterino/node_modules/node-sass/src/libsass/include/sass/context.h
  • /splitterino/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /splitterino/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /splitterino/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /splitterino/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/json.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/units.cpp
  • /splitterino/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/units.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /splitterino/node_modules/node-sass/src/libsass/src/file.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/environment.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /splitterino/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/listize.hpp
  • /splitterino/node_modules/node-sass/src/libsass/src/debug.hpp
  • /splitterino/node_modules/node-sass/src/libsass/include/sass2scss.h

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Release Date: 2020-03-20

Fix Resolution: LibSass - 3.5.5

Step up your Open Source Security Game with WhiteSource here

CVE-2020-11022 (Medium) detected in multiple libraries

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.0.min.js, jquery-1.7.2.min.js, jquery-2.1.4.min.js

jquery-3.4.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/test/index.html

Path to vulnerable library: /splitterino/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • jquery-3.4.0.min.js (Vulnerable Library)
jquery-1.7.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html

Path to vulnerable library: /splitterino/node_modules/jmespath/index.html

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)
jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with WhiteSource here

CVE-2020-7656 (Medium) detected in jquery-1.7.2.min.js

CVE-2020-7656 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.7.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/jmespath/index.html

Path to vulnerable library: /splitterino/node_modules/jmespath/index.html

Dependency Hierarchy:

  • jquery-1.7.2.min.js (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

Publish Date: 2020-05-19

URL: CVE-2020-7656

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7656

Release Date: 2020-05-19

Fix Resolution: 1.9.0b1

Step up your Open Source Security Game with WhiteSource here

Splits

Fix current Splitting
Fix Split pausing and timing issues

CVE-2019-6284 (Medium) detected in node-sass-4.14.1.tgz, opennms-opennms-source-22.0.1-1

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /splitterino/node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

WS-2019-0424 (Medium) detected in elliptic-6.5.2.tgz

WS-2019-0424 - Medium Severity Vulnerability

Vulnerable Library - elliptic-6.5.2.tgz

EC cryptography

Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /tmp/ws-scm/splitterino/node_modules/elliptic/package.json

Dependency Hierarchy:

  • cli-plugin-babel-4.4.1.tgz (Root Library)
    • webpack-4.43.0.tgz
      • node-libs-browser-2.2.1.tgz
        • crypto-browserify-3.12.0.tgz
          • browserify-sign-4.2.0.tgz
            • elliptic-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

all versions of elliptic are vulnerable to Timing Attack through side-channels.

Publish Date: 2019-11-13

URL: WS-2019-0424

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/splitterino/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /splitterino/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Step up your Open Source Security Game with WhiteSource here

splitterino-core

Extract the Vue-Part and put it into own repository.
This repository will then be used for the desktop-wrapper.

CVE-2019-6283 (Medium) detected in node-sass-4.14.1.tgz, opennms-opennms-source-22.0.1-1

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/splitterino/package.json

Path to vulnerable library: /splitterino/node_modules/node-sass/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Vulnerable Library)

Found in HEAD commit: 1440518eabee55e1fd196e62e38ff387e4980121

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.