
calendar-widget's Introduction

Hi, I'm Atanas 👋

My open source software is published on NPM and has been downloaded this many times in the past year:

NPM Stats

Here is a bit more detailed graph showing my open source contributions in the past year:

GitHub stats

Wondering how to pronounce my name? Not anymore!



calendar-widget's People

Contributors

dependabot[bot], renovate-bot, renovate[bot], scriptex


calendar-widget's Issues

CVE-2018-19839 (Medium) detected in node-sass-v4.12.0

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /calendar-widget/node_modules/node-sass/src/libsass/src/expand.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/color_maps.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_util.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/utf8/unchecked.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/output.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_values.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/util.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/emitter.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/lexer.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/test/test_node.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/plugins.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass/base.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/position.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/subset_map.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/operation.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/remove_placeholders.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/error_handling.hpp
  • /calendar-widget/node_modules/node-sass/src/custom_importer_bridge.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/contrib/plugin.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/functions.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/test/test_superselector.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/eval.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/utf8_string.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_context_wrapper.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/error_handling.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/node.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/parser.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/subset_map.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/emitter.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/listize.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/ast.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_functions.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/memory/SharedPtr.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/output.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/check_nesting.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/ast_def_macros.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/functions.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/cssize.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/prelexer.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/paths.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/ast_fwd_decl.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/inspect.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/color.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/test/test_unification.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/values.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_util.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/source_map.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/list.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/check_nesting.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/json.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/units.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/units.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/context.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/utf8/checked.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/listize.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/string.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/prelexer.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/context.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/boolean.h
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass2scss.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/eval.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/expand.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/factory.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/operators.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/boolean.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/source_map.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/value.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/utf8_string.cpp
  • /calendar-widget/node_modules/node-sass/src/callback_bridge.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/file.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/node.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/environment.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/extend.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_context.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/operators.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/constants.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/ast_fwd_decl.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/parser.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/constants.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/list.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/cssize.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass/functions.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/util.cpp
  • /calendar-widget/node_modules/node-sass/src/custom_function_bridge.cpp
  • /calendar-widget/node_modules/node-sass/src/custom_importer_bridge.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/bind.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/inspect.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_functions.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/backtrace.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/extend.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/sass_value_wrapper.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/debugger.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/cencode.c
  • /calendar-widget/node_modules/node-sass/src/libsass/src/base64vlq.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/number.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/color.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/c99func.c
  • /calendar-widget/node_modules/node-sass/src/libsass/src/position.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass/values.h
  • /calendar-widget/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/null.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/ast.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass/context.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /calendar-widget/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/map.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/file.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/environment.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /calendar-widget/node_modules/node-sass/src/binding.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Fix Resolution: 3.5.5



WS-2020-0070 (High) detected in lodash-4.17.15.tgz

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz

Path to dependency file: /tmp/ws-scm/calendar-widget/package.json

Path to vulnerable library: /tmp/ws-scm/calendar-widget/node_modules/lodash/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Root Library)
    • ❌ lodash-4.17.15.tgz (Vulnerable Library)

Found in HEAD commit: e8f8c0aed360f8f8058007ef7d9a7028ea4a1b8c

Vulnerability Details

lodash contains a prototype pollution vulnerability that allows an attacker to inject properties on Object.prototype.

Publish Date: 2020-04-28

URL: WS-2020-0070

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2018-20822 (Medium) detected in node-sass-v4.12.0

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-20821 (Medium) detected in node-sass-v4.12.0

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-19827 (High) detected in node-sass-v4.12.0

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2020-11022 (Medium) detected in jquery-3.4.0.min.js, jquery-2.1.4.min.js

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-3.4.0.min.js, jquery-2.1.4.min.js

jquery-3.4.0.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/test/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • ❌ jquery-3.4.0.min.js (Vulnerable Library)

jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • ❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 3cb0f41b6c13781b81f5c0b7fb747a91751cd47b

Vulnerability Details

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0



WS-2016-0090 (Medium) detected in jquery-2.1.4.min.js

WS-2016-0090 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/test/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • ❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: cf6ee1a9c018a6aa104ae0626e7b15880226e517

Vulnerability Details

JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.

Publish Date: 2016-11-27

URL: WS-2016-0090

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-04-08

Fix Resolution: 2.2.0



CVE-2021-44907 (Low) detected in qs-6.5.2.tgz

CVE-2021-44907 - Low Severity Vulnerability

Vulnerable Library - qs-6.5.2.tgz

A querystring parser that supports nesting and arrays, with a depth limit

Library home page: https://registry.npmjs.org/qs/-/qs-6.5.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

  • node-sass-7.0.1.tgz (Root Library)
    • request-2.88.2.tgz
      • ❌ qs-6.5.2.tgz (Vulnerable Library)

Found in HEAD commit: 9826047897c26dff04f8407fa3c9f283c3c4dc31

Found in base branch: master

Vulnerability Details

A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the qs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.

Publish Date: 2022-03-17

URL: CVE-2021-44907

CVSS 3 Score Details (3.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44907

Release Date: 2022-03-17

Fix Resolution: qs - 6.8.1



WS-2020-0068 (Medium) detected in yargs-parser-13.1.2.tgz

WS-2020-0068 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-13.1.2.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz

Path to dependency file: /tmp/ws-scm/calendar-widget/package.json

Path to vulnerable library: /tmp/ws-scm/calendar-widget/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • node-sass-4.14.1.tgz (Root Library)
    • sass-graph-2.2.5.tgz
      • yargs-13.3.2.tgz
        • ❌ yargs-parser-13.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 3cb0f41b6c13781b81f5c0b7fb747a91751cd47b

Vulnerability Details

Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument '--foo.__proto__.bar baz' adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.

Publish Date: 2020-05-01

URL: WS-2020-0068

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/package/yargs-parser

Release Date: 2020-05-04

Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1



CVE-2018-19838 (Medium) detected in node-sass-v4.12.0

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838

Fix Resolution: 3.5.5



CVE-2021-3918 (High) detected in json-schema-0.2.3.tgz

CVE-2021-3918 - High Severity Vulnerability

Vulnerable Library - json-schema-0.2.3.tgz

JSON Schema validation and specifications

Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/json-schema/package.json

Dependency Hierarchy:

  • node-sass-6.0.1.tgz (Root Library)
    • request-2.88.2.tgz
      • http-signature-1.2.0.tgz
        • jsprim-1.4.1.tgz
          • ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Found in HEAD commit: 0f3e890750252c3af79c8392448f91414d27bb0b

Vulnerability Details

json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Publish Date: 2021-11-13

URL: CVE-2021-3918

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918

Release Date: 2021-11-13

Fix Resolution: json-schema - 0.4.0



CVE-2020-7608 (Medium) detected in yargs-parser-5.0.0.tgz

CVE-2020-7608 - Medium Severity Vulnerability

Vulnerable Library - yargs-parser-5.0.0.tgz

the mighty option parser used by yargs

Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz

Path to dependency file: /tmp/ws-scm/calendar-widget/package.json

Path to vulnerable library: /tmp/ws-scm/calendar-widget/node_modules/yargs-parser/package.json

Dependency Hierarchy:

  • node-sass-4.13.1.tgz (Root Library)
    • sass-graph-2.2.4.tgz
      • yargs-7.1.0.tgz
        • ❌ yargs-parser-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 15e95f1b3170e7cd4efc88f4a9f8339f4ae62547

Vulnerability Details

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

Publish Date: 2020-03-16

URL: CVE-2020-7608

CVSS 3 Score Details (5.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608

Release Date: 2020-03-16

Fix Resolution: v18.1.1;13.1.2;15.0.1



CVE-2020-11023 (Medium) detected in jquery-2.1.4.min.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/.attic/test-moment/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/.attic/test-moment/index.html

Dependency Hierarchy:

  • ❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: a685f1e17ec5289a2c5b13277160c5ac17ed3b78

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0



CVE-2019-6286 (Medium) detected in node-sass-v4.12.0

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Dependency Dashboard

This issue provides visibility into Renovate updates and their statuses.

This repository currently has no open or pending branches.


  • Check this box to trigger a request for Renovate to run again on this repository

CVE-2018-11693 (High) detected in node-sass-v4.12.0

CVE-2018-11693 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11693

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


CVE-2019-6284 (Medium) detected in node-sass-v4.12.0

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /calendar-widget/package.json

Path to vulnerable library: /tmp/git/calendar-widget/node_modules/lodash/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • ❌ lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 826bf3d3ce125ed490d010679f084f7b097e879c

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12


CVE-2019-6283 (Medium) detected in node-sass-v4.12.0

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2021-44906 (High) detected in minimist-1.2.5.tgz

CVE-2021-44906 - High Severity Vulnerability

Vulnerable Library - minimist-1.2.5.tgz

parse argument options

Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

  • tslint-6.1.3.tgz (Root Library)
    • mkdirp-0.5.5.tgz
      • ❌ minimist-1.2.5.tgz (Vulnerable Library)

Found in HEAD commit: 9826047897c26dff04f8407fa3c9f283c3c4dc31

Found in base branch: master

Vulnerability Details

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Publish Date: 2022-03-17

URL: CVE-2021-44906

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Release Date: 2022-03-17

Fix Resolution: BumperLane.Public.Service.Contracts - 0.23.35.214-prerelease;cloudscribe.templates - 5.2.0;Virteom.Tenant.Mobile.Bluetooth - 0.21.29.159-prerelease;ShowingVault.DotNet.Sdk - 0.13.41.190-prerelease;Envisia.DotNet.Templates - 3.0.1;Yarnpkg.Yarn - 0.26.1;Virteom.Tenant.Mobile.Framework.UWP - 0.20.41.103-prerelease;Virteom.Tenant.Mobile.Framework.iOS - 0.20.41.103-prerelease;BumperLane.Public.Api.V2.ClientModule - 0.23.35.214-prerelease;VueJS.NetCore - 1.1.1;Dianoga - 4.0.0,3.0.0-RC02;Virteom.Tenant.Mobile.Bluetooth.iOS - 0.20.41.103-prerelease;Virteom.Public.Utilities - 0.23.37.212-prerelease;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;Virteom.Tenant.Mobile.Framework - 0.21.29.159-prerelease;Virteom.Tenant.Mobile.Bluetooth.Android - 0.20.41.103-prerelease;z4a-dotnet-scaffold - 1.0.0.2;Raml.Parser - 1.0.7;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;SitecoreMaster.TrueDynamicPlaceholders - 1.0.3;Virteom.Tenant.Mobile.Framework.Android - 0.20.41.103-prerelease;Fable.Template.Elmish.React - 0.1.6;BlazorPolyfill.Build - 6.0.100.2;Fable.Snowpack.Template - 2.1.0;BumperLane.Public.Api.Client - 0.23.35.214-prerelease;Yarn.MSBuild - 0.22.0,0.24.6;Blazor.TailwindCSS.BUnit - 1.0.2;Bridge.AWS - 0.3.30.36;tslint - 5.6.0;SAFE.Template - 3.0.1;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105


Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

CVE-2018-19797 (Medium) detected in node-sass-v4.12.0

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-20834 (High) detected in tar-2.2.2.tgz

CVE-2018-20834 - High Severity Vulnerability

Vulnerable Library - tar-2.2.2.tgz

tar for node

Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz

Path to dependency file: /tmp/ws-scm/calendar-widget/package.json

Path to vulnerable library: /tmp/ws-scm/calendar-widget/node_modules/tar/package.json

Dependency Hierarchy:

  • node-sass-4.12.0.tgz (Root Library)
    • node-gyp-3.8.0.tgz
      • ❌ tar-2.2.2.tgz (Vulnerable Library)

Found in HEAD commit: 8a85fe9243d8ffd400c3e23e8fa4e9c7cabf957e

Vulnerability Details

A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.

Publish Date: 2019-04-30

URL: CVE-2018-20834

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://hackerone.com/reports/344595

Release Date: 2019-04-30

Fix Resolution: v4.4.2


CVE-2018-11698 (High) detected in node-sass-v4.12.0

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /calendar-widget/node_modules/node-sass/src/sass_types/number.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/color.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/c99func.c
  • /calendar-widget/node_modules/node-sass/src/libsass/src/position.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/remove_placeholders.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_values.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass/values.h
  • /calendar-widget/node_modules/node-sass/src/libsass/test/test_subset_map.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass2scss.cpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/null.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/ast.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/include/sass/context.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_c.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_value.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/color_maps.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_context_wrapper.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/script/test-leaks.pl
  • /calendar-widget/node_modules/node-sass/src/libsass/src/lexer.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/memory/SharedPtr.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_c.hpp
  • /calendar-widget/node_modules/node-sass/src/sass_types/map.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/to_value.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/b64/encode.h
  • /calendar-widget/node_modules/node-sass/src/libsass/src/file.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/environment.hpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/plugins.hpp
  • /calendar-widget/node_modules/node-sass/src/binding.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/sass_context.cpp
  • /calendar-widget/node_modules/node-sass/src/libsass/src/debug.hpp

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


CVE-2021-3807 (Medium) detected in multiple libraries

CVE-2021-3807 - Medium Severity Vulnerability

Vulnerable Libraries - ansi-regex-4.1.0.tgz, ansi-regex-2.1.1.tgz, ansi-regex-3.0.0.tgz, ansi-regex-5.0.0.tgz

ansi-regex-4.1.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • node-sass-6.0.1.tgz (Root Library)
    • sass-graph-2.2.5.tgz
      • yargs-13.3.2.tgz
        • cliui-5.0.0.tgz
          • strip-ansi-5.2.0.tgz
            • ❌ ansi-regex-4.1.0.tgz (Vulnerable Library)

ansi-regex-2.1.1.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • node-sass-6.0.1.tgz (Root Library)
    • npmlog-4.1.2.tgz
      • gauge-2.7.4.tgz
        • strip-ansi-3.0.1.tgz
          • ❌ ansi-regex-2.1.1.tgz (Vulnerable Library)

ansi-regex-3.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • node-sass-6.0.1.tgz (Root Library)
    • npmlog-4.1.2.tgz
      • gauge-2.7.4.tgz
        • wide-align-1.1.3.tgz
          • string-width-2.1.1.tgz
            • strip-ansi-4.0.0.tgz
              • ❌ ansi-regex-3.0.0.tgz (Vulnerable Library)

ansi-regex-5.0.0.tgz

Regular expression for matching ANSI escape codes

Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/ansi-regex/package.json

Dependency Hierarchy:

  • postcss-cli-8.3.1.tgz (Root Library)
    • yargs-16.2.0.tgz
      • cliui-7.0.4.tgz
        • strip-ansi-6.0.0.tgz
          • ❌ ansi-regex-5.0.0.tgz (Vulnerable Library)

Found in HEAD commit: 90a2304e9cebbd1fe0f065687fb0c100895db228

Found in base branch: master

Vulnerability Details

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3807

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: N/A
    • Attack Complexity: N/A
    • Privileges Required: N/A
    • User Interaction: N/A
    • Scope: N/A
  • Impact Metrics:
    • Confidentiality Impact: N/A
    • Integrity Impact: N/A
    • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/

Release Date: 2021-09-17

Fix Resolution: ansi-regex - 5.0.1,6.0.1


CVE-2018-11499 (High) detected in node-sass-v4.12.0

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2019-18797 (Medium) detected in node-sass-v4.11.0

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.11.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: e1d4a60e910a7d528b17d2ec917be9044b5f3ac1

Library Source Files (66)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.


Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: 3.6.3


CVE-2020-7774 (High) detected in y18n-4.0.0.tgz

CVE-2020-7774 - High Severity Vulnerability

Vulnerable Library - y18n-4.0.0.tgz

the bare-bones internationalization library used by yargs

Library home page: https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/y18n/package.json

Dependency Hierarchy:

  • node-sass-5.0.0.tgz (Root Library)
    • sass-graph-2.2.5.tgz
      • yargs-13.3.2.tgz
        • ❌ y18n-4.0.0.tgz (Vulnerable Library)

Found in HEAD commit: e3f1353f92a1fd4362fcc5d8818e5d5484517829

Vulnerability Details

This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true

Publish Date: 2020-11-17

URL: CVE-2020-7774

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7774

Release Date: 2020-11-17

Fix Resolution: 5.0.5


CVE-2019-11358 (Medium) detected in jquery-2.1.4.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/test/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • ❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: cf6ee1a9c018a6aa104ae0626e7b15880226e517

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Change files

Origin: jquery/jquery@753d591

Release Date: 2019-03-25

Fix Resolution: Replace or update the following files: core.js, core.js


CVE-2015-9521 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/test/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • ❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: 5827685d6890691bec5928c5330f6572f3d3b871

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0


CVE-2021-23362 (Medium) detected in hosted-git-info-2.8.8.tgz

CVE-2021-23362 - Medium Severity Vulnerability

Vulnerable Library - hosted-git-info-2.8.8.tgz

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab

Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/hosted-git-info/package.json

Dependency Hierarchy:

  • node-sass-5.0.0.tgz (Root Library)
    • meow-3.7.0.tgz
      • normalize-package-data-2.5.0.tgz
        • ❌ hosted-git-info-2.8.8.tgz (Vulnerable Library)

Found in HEAD commit: 5c0cdd44731fea9bc1289ee1a8277b51561b05dc

Found in base branch: master

Vulnerability Details

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().

Publish Date: 2021-03-23

URL: CVE-2021-23362

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8

Release Date: 2021-03-23

Fix Resolution: hosted-git-info - 3.0.8


CVE-2018-19826 (Medium) detected in node-sass-v4.12.0

CVE-2018-19826 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.

Publish Date: 2018-12-03

URL: CVE-2018-19826

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2018-20190 (Medium) detected in node-sass-v4.12.0

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2021-23343 (Medium) detected in path-parse-1.0.6.tgz

CVE-2021-23343 - Medium Severity Vulnerability

Vulnerable Library - path-parse-1.0.6.tgz

Node.js path.parse() ponyfill

Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/path-parse/package.json

Dependency Hierarchy:

  • tslint-6.1.3.tgz (Root Library)
    • resolve-1.20.0.tgz
      • ❌ path-parse-1.0.6.tgz (Vulnerable Library)

Found in HEAD commit: 03845592f6b76cdd18d69ca62f9ede884b19ead3

Found in base branch: master

Vulnerability Details

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Publish Date: 2021-05-04

URL: CVE-2021-23343

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low


CVE-2015-9251 (Medium) detected in jquery-2.1.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.1.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js

Path to dependency file: /tmp/ws-scm/calendar-widget/node_modules/js-base64/test/index.html

Path to vulnerable library: /calendar-widget/node_modules/js-base64/test/index.html

Dependency Hierarchy:

  • ❌ jquery-2.1.4.min.js (Vulnerable Library)

Found in HEAD commit: cf6ee1a9c018a6aa104ae0626e7b15880226e517

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0


CVE-2018-11695 (High) detected in node-sass-v4.12.0

CVE-2018-11695 - High Severity Vulnerability

Vulnerable Library - node-sass-v4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11695

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2021-35065 (High) detected in glob-parent-5.1.2.tgz

CVE-2021-35065 - High Severity Vulnerability

Vulnerable Library - glob-parent-5.1.2.tgz

Extract the non-magic parent path from a glob string.

Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob-parent/package.json

Dependency Hierarchy:

  • postcss-cli-9.1.0.tgz (Root Library)
    • globby-12.0.2.tgz
      • fast-glob-3.2.7.tgz
        • ❌ glob-parent-5.1.2.tgz (Vulnerable Library)

Found in HEAD commit: 7474548847bedd98316686faa54d31a22c405cbb

Vulnerability Details

The package glob-parent before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).

Publish Date: 2021-06-22

URL: CVE-2021-35065

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: gulpjs/glob-parent#49

Release Date: 2021-06-22

Fix Resolution: glob-parent - 6.0.1


CVE-2018-11694 (High) detected in node-sass-v4.12.0

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


CVE-2021-23364 (Medium) detected in browserslist-4.16.3.tgz

CVE-2021-23364 - Medium Severity Vulnerability

Vulnerable Library - browserslist-4.16.3.tgz

Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset

Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/browserslist/package.json

Dependency Hierarchy:

  • autoprefixer-10.2.5.tgz (Root Library)
    • ❌ browserslist-4.16.3.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Publish Date: 2021-04-28

URL: CVE-2021-23364

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364

Release Date: 2021-04-28

Fix Resolution: browserslist - 4.16.5


CVE-2018-11697 (High) detected in node-sass-v4.12.0

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Library - node-sassv4.12.0

🌈 Node.js bindings to libsass

Library home page: https://github.com/sass/node-sass.git

Found in HEAD commit: 24e4ca2a6ba0b0654eb67b8a5d68470c517109d0

Library Source Files (125)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High


CVE-2021-33623 (High) detected in trim-newlines-1.0.0.tgz

CVE-2021-33623 - High Severity Vulnerability

Vulnerable Library - trim-newlines-1.0.0.tgz

Trim newlines from the start and/or end of a string

Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz

Path to dependency file: calendar-widget/package.json

Path to vulnerable library: calendar-widget/node_modules/trim-newlines

Dependency Hierarchy:

  • node-sass-6.0.0.tgz (Root Library)
    • meow-3.7.0.tgz
      • ❌ trim-newlines-1.0.0.tgz (Vulnerable Library)

Found in HEAD commit: f6f0e670227cbae6c5693e8ec80a834091eeeb0c

Found in base branch: master

Vulnerability Details

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Publish Date: 2021-05-28

URL: CVE-2021-33623

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623

Release Date: 2021-05-28

Fix Resolution: trim-newlines - 3.0.1, 4.0.1

