Home Page: https://drnieves.vercel.app
License: GNU General Public License v3.0
My GitHub Stats
![tina-cloud-app[bot] avatar](https://avatars.githubusercontent.com/in/47631?v=4 "tina-cloud-app[bot]")
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (astro version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2023-24807 |  High |
7.5 | undici-5.16.0.tgz | Transitive | 2.0.4 | โ |
| CVE-2023-23936 |  Medium |
5.4 | undici-5.16.0.tgz | Transitive | 2.0.4 | โ |
CVE-2023-24807Library home page: https://registry.npmjs.org/undici/-/undici-5.16.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
Found in base branch: master
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set() and Headers.append() methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize() utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
Publish Date: 2023-02-16
URL: CVE-2023-24807
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-r6ch-mqf9-qc9w
Release Date: 2023-02-16
Fix Resolution (undici): 5.19.1
Direct dependency fix Resolution (astro): 2.0.4
Step up your Open Source Security Game with Mend here
CVE-2023-23936Library home page: https://registry.npmjs.org/undici/-/undici-5.16.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
Found in base branch: master
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to undici.
Publish Date: 2023-02-16
URL: CVE-2023-23936
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5r9g-qh6m-jxff
Release Date: 2023-02-16
Fix Resolution (undici): 5.19.1
Direct dependency fix Resolution (astro): 2.0.4
Step up your Open Source Security Game with Mend here
Vulnerable Library - image-0.13.0.tgz
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (image version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-25881 | High |
7.5 | http-cache-semantics-4.1.0.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
CVE-2022-25881Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies
Library home page: https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
Found in base branch: master
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Publish Date: 2023-01-31
URL: CVE-2022-25881
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-25881
Release Date: 2023-01-31
Fix Resolution: http-cache-semantics - 4.1.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - image-0.13.0.tgz
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (image version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2022-25881 | High |
7.5 | http-cache-semantics-4.1.0.tgz | Transitive | N/A* | โ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
CVE-2022-25881Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies
Library home page: https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
Found in base branch: master
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Publish Date: 2023-01-31
URL: CVE-2022-25881
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-25881
Release Date: 2023-01-31
Fix Resolution: http-cache-semantics - 4.1.1
Step up your Open Source Security Game with Mend here
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (astro version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2023-24807 | High |
7.5 | undici-5.16.0.tgz | Transitive | 2.0.4 | โ |
| CVE-2023-23936 | Medium |
5.4 | undici-5.16.0.tgz | Transitive | 2.0.4 | โ |
CVE-2023-24807Library home page: https://registry.npmjs.org/undici/-/undici-5.16.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
Found in base branch: master
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set() and Headers.append() methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the headerValueNormalize() utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
Publish Date: 2023-02-16
URL: CVE-2023-24807
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-r6ch-mqf9-qc9w
Release Date: 2023-02-16
Fix Resolution (undici): 5.19.1
Direct dependency fix Resolution (astro): 2.0.4
Step up your Open Source Security Game with Mend here
CVE-2023-23936Library home page: https://registry.npmjs.org/undici/-/undici-5.16.0.tgz
Dependency Hierarchy:
Found in HEAD commit: 495a68c7bf8ca014fddfa838e7caaa59c2290ad6
Found in base branch: master
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to undici.
Publish Date: 2023-02-16
URL: CVE-2023-23936
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5r9g-qh6m-jxff
Release Date: 2023-02-16
Fix Resolution (undici): 5.19.1
Direct dependency fix Resolution (astro): 2.0.4
Step up your Open Source Security Game with Mend here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
