Preparation for AZ-500, collection of usefull command to have more knowledge and pass your certification!
Home Page: https://bervproject.berviantoleo.my.id/az500-azure-cli-glossary/
License: Creative Commons Attribution 4.0 International
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
Vulnerable Libraries - css-what-2.1.3.tgz, css-what-3.4.2.tgz
a CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-2.1.3.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/css-what/package.json
Dependency Hierarchy:
a CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-3.4.2.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/css-what/package.json
Dependency Hierarchy:
Found in HEAD commit: 694c81314f6eccc84b3a0c360d03c74170f7f078
Found in base branch: master
Vulnerability Details
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Publish Date: 2021-05-28
URL: CVE-2021-33587
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587
Release Date: 2021-05-28
Fix Resolution: css-what - 5.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):
Occurrences
q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ optimize-css-assets-webpack-plugin:5.0.4
└─ cssnano:4.1.10
└─ cssnano-preset-default:4.0.7
└─ postcss-svgo:4.0.2
└─ svgo:1.3.2
└─ coa:2.0.2
└─ q:1.5.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Libraries - jquery-2.1.4.min.js, jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - angular-1.4.2.min.jsAngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_angular.html,az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code. Publish Date: 2020-06-08 URL: CVE-2020-7676 CVSS 3 Score Details (5.4) Base Score Metrics: Exploitability Metrics: Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: Required Scope: Changed Impact Metrics: Confidentiality Impact: Low Integrity Impact: Low Availability Impact: None For more information on CVSS3 Scores, click here. Suggested Fix Type: Upgrade version Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676 Release Date: 2020-06-08 Fix Resolution: 1.8.0 Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ssri-6.0.1.tgzStandard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.
Library home page: https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/ssri/package.json
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Publish Date: 2021-03-12
URL: CVE-2021-27290
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290
Release Date: 2021-03-12
Fix Resolution: ssri - 6.0.2,8.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of express:4.17.1 results in the following vulnerability(s):
Occurrences
express:4.17.1 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ webpack-dev-server:3.11.1
└─ express:4.17.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerabilities
DepShield reports that this application's usage of http-proxy:1.18.1 results in the following vulnerability(s):
Occurrences
http-proxy:1.18.1 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ webpack-dev-server:3.11.1
└─ http-proxy-middleware:0.19.1
└─ http-proxy:1.18.1
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerabilities
DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ optimize-css-assets-webpack-plugin:5.0.4
└─ cssnano:4.1.10
└─ cssnano-preset-default:4.0.7
└─ postcss-merge-rules:4.0.3
└─ caniuse-api:3.0.0
└─ lodash.uniq:4.5.0
└─ vue-server-renderer:2.6.12
└─ lodash.uniq:4.5.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Libraries - glob-parent-3.1.0.tgz, glob-parent-5.1.1.tgz
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/glob-parent
Dependency Hierarchy:
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/glob-parent
Dependency Hierarchy:
Found in HEAD commit: adb2ad0b63b82b49d2c150a83a4f40e5798fd05e
Found in base branch: master
Vulnerability Details
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):
Occurrences
debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ snapdragon:0.8.2
└─ debug:2.6.9
└─ webpack:4.44.2
└─ micromatch:3.1.10
└─ extglob:2.0.4
└─ expand-brackets:2.1.4
└─ debug:2.6.9
└─ webpack-dev-server:3.11.1
└─ compression:1.7.4
└─ debug:2.6.9
└─ express:4.17.1
└─ body-parser:1.19.0
└─ debug:2.6.9
└─ debug:2.6.9
└─ finalhandler:1.1.2
└─ debug:2.6.9
└─ send:0.17.1
└─ debug:2.6.9
└─ serve-index:1.9.1
└─ debug:2.6.9
└─ @vuepress/theme-default:1.7.1
└─ docsearch.js:2.6.3
└─ algoliasearch:3.35.1
└─ debug:2.6.9
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerabilities
DepShield reports that this application's usage of lodash.clonedeep:4.5.0 results in the following vulnerability(s):
Occurrences
lodash.clonedeep:4.5.0 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/theme-default:1.7.1
└─ stylus-loader:3.0.2
└─ lodash.clonedeep:4.5.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - path-parse-1.0.6.tgzNode.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/path-parse
Dependency Hierarchy:
Found in HEAD commit: 956e7c3c31625bc8fc0d1b2cf089a1e403b0c383
Found in base branch: master
Vulnerability Details
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: jbgutierrez/path-parse#8
Release Date: 2021-05-04
Fix Resolution: path-parse - 1.0.7
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - color-string-1.5.4.tgzParser and generator for CSS color strings
Library home page: https://registry.npmjs.org/color-string/-/color-string-1.5.4.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/color-string/package.json
Dependency Hierarchy:
Found in HEAD commit: adb2ad0b63b82b49d2c150a83a4f40e5798fd05e
Found in base branch: master
Vulnerability Details
Regular Expression Denial of Service (ReDoS) was found in color-string before 1.5.5.
Publish Date: 2021-03-12
URL: WS-2021-0152
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/Qix-/color-string/releases/tag/1.5.5
Release Date: 2021-03-12
Fix Resolution: color-string - 1.5.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - color-string-1.5.4.tgzParser and generator for CSS color strings
Library home page: https://registry.npmjs.org/color-string/-/color-string-1.5.4.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/color-string/package.json
Dependency Hierarchy:
Found in HEAD commit: 85e9817aaa73a609d27aa7688048b7c77163c956
Found in base branch: master
Vulnerability Details
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.
Publish Date: 2021-06-21
URL: CVE-2021-29060
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-257v-vj4p-3w2h
Release Date: 2021-06-21
Fix Resolution: color-string - 1.5.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Publish Date: 2019-01-09
URL: CVE-2016-10735
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#20184
Release Date: 2019-01-09
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - glob-parent-3.1.0.tgz, glob-parent-5.1.1.tgz
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/glob-parent/package.json
Dependency Hierarchy:
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 694c81314f6eccc84b3a0c360d03c74170f7f078
Found in base branch: master
Vulnerability Details
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - is-svg-3.0.0.tgzCheck if a string or buffer is SVG
Library home page: https://registry.npmjs.org/is-svg/-/is-svg-3.0.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/is-svg/package.json
Dependency Hierarchy:
Found in HEAD commit: 85e9817aaa73a609d27aa7688048b7c77163c956
Found in base branch: master
Vulnerability Details
A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.
Publish Date: 2021-06-21
URL: CVE-2021-29059
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0
Release Date: 2021-06-21
Fix Resolution: is-svg - 4.3.0
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of kind-of:5.1.0 results in the following vulnerability(s):
Occurrences
kind-of:5.1.0 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ snapdragon:0.8.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ kind-of:5.1.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Library - prismjs-1.24.0.tgzLightweight, robust, elegant syntax highlighting. A spin-off project from Dabblet.
Library home page: https://registry.npmjs.org/prismjs/-/prismjs-1.24.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/prismjs
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
prism is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-15
URL: CVE-2021-3801
CVSS 3 Score Details (5.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - browserslist-4.16.0.tgzShare target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/browserslist
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - dns-packet-1.3.1.tgzAn abstract-encoding compliant module for encoding / decoding DNS packets
Library home page: https://registry.npmjs.org/dns-packet/-/dns-packet-1.3.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/dns-packet
Dependency Hierarchy:
Found in HEAD commit: 72b1c56b9dcd5ccb287d143180e53a180fb118e3
Found in base branch: master
Vulnerability Details
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
Publish Date: 2021-05-20
URL: CVE-2021-23386
CVSS 3 Score Details (7.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23386
Release Date: 2021-05-20
Fix Resolution: dns-packet - 5.2.2
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of kind-of:4.0.0 results in the following vulnerability(s):
Occurrences
kind-of:4.0.0 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ has-value:1.0.0
└─ has-values:1.0.0
└─ kind-of:4.0.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - ansi-regex-4.1.0.tgz, ansi-regex-2.1.1.tgz, ansi-regex-5.0.0.tgz
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c36cea77d2b618b8149a66a5e34bc7108ae7311
Found in base branch: master
Vulnerability Details
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - url-parse-1.5.1.tgzSmall footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.5.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/url-parse
Dependency Hierarchy:
Found in HEAD commit: b1893be8f672da3f94229ed437a40e3ec025e932
Found in base branch: master
Vulnerability Details
url-parse is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2021-07-26
URL: CVE-2021-3664
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3664
Release Date: 2021-07-26
Fix Resolution: url-parse - 1.5.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - postcss-7.0.35.tgzTool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 4c2d55255e0ea36ae93711a6bbb8e34b6f90c174
Found in base branch: master
Vulnerability Details
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss -8.2.10
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of lodash.debounce:4.0.8 results in the following vulnerability(s):
Occurrences
lodash.debounce:4.0.8 is a transitive dependency introduced by the following direct dependency(s):
• @vuepress/plugin-active-header-links:1.7.1
└─ lodash.debounce:4.0.8
• @vuepress/plugin-back-to-top:1.7.1
└─ lodash.debounce:4.0.8
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Library - is-svg-3.0.0.tgzCheck if a string or buffer is SVG
Library home page: https://registry.npmjs.org/is-svg/-/is-svg-3.0.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/is-svg/package.json
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
Publish Date: 2021-03-12
URL: CVE-2021-28092
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28092
Release Date: 2021-03-12
Fix Resolution: v4.2.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - lodash-4.17.20.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/lodash
Dependency Hierarchy:
Found in HEAD commit: 956e7c3c31625bc8fc0d1b2cf089a1e403b0c383
Found in base branch: master
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash-4.17.21
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - lodash-4.17.20.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/lodash
Dependency Hierarchy:
Found in HEAD commit: 956e7c3c31625bc8fc0d1b2cf089a1e403b0c383
Found in base branch: master
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
CVSS 3 Score Details (7.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - jquery-2.1.4.min.js, jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of kind-of:3.2.2 results in the following vulnerability(s):
Occurrences
kind-of:3.2.2 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ chokidar:2.1.8
└─ braces:2.3.2
└─ fill-range:4.0.0
└─ is-number:3.0.0
└─ kind-of:3.2.2
└─ snapdragon:0.8.2
└─ base:0.11.2
└─ cache-base:1.0.1
└─ to-object-path:0.3.0
└─ kind-of:3.2.2
└─ class-utils:0.3.6
└─ static-extend:0.1.2
└─ object-copy:0.1.0
└─ kind-of:3.2.2
└─ define-property:0.2.5
└─ is-descriptor:0.1.6
└─ is-accessor-descriptor:0.1.6
└─ kind-of:3.2.2
└─ is-data-descriptor:0.1.4
└─ kind-of:3.2.2
└─ snapdragon-node:2.1.1
└─ snapdragon-util:3.0.1
└─ kind-of:3.2.2
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Library - angular-1.4.2.min.jsAngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_angular.html,az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Publish Date: 2020-01-02
URL: CVE-2019-14863
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: angular/angular.js#12524
Release Date: 2020-01-02
Fix Resolution: angular - v1.5.0-beta.1;org.webjars:angularjs:1.5.0-rc.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - angular-1.4.2.min.jsAngularJS is an MVC framework for building web applications. The core features include HTML enhanced with custom component and data-binding capabilities, dependency injection and strong focus on simplicity, testability, maintainability and boiler-plate reduction.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.2/angular.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_angular.html,az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Publish Date: 2019-11-19
URL: CVE-2019-10768
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768
Release Date: 2019-11-19
Fix Resolution: v1.7.9
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - postcss-7.0.35.tgzTool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: 4c2d55255e0ea36ae93711a6bbb8e34b6f90c174
Found in base branch: master
Vulnerability Details
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - normalize-url-4.5.0.tgz, normalize-url-2.0.1.tgz, normalize-url-3.3.0.tgz
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/normalize-url/package.json
Dependency Hierarchy:
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-2.0.1.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/normalize-url/package.json
Dependency Hierarchy:
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/normalize-url/package.json
Dependency Hierarchy:
Found in HEAD commit: 694c81314f6eccc84b3a0c360d03c74170f7f078
Found in base branch: master
Vulnerability Details
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1, 5.3.1, 6.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-2.1.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of lodash._reinterpolate:3.0.0 results in the following vulnerability(s):
Occurrences
lodash._reinterpolate:3.0.0 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ vue-server-renderer:2.6.12
└─ lodash.template:4.5.0
└─ lodash._reinterpolate:3.0.0
└─ lodash.templatesettings:4.2.0
└─ lodash._reinterpolate:3.0.0
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Libraries - jquery-2.1.4.min.js, jquery-3.2.1.min.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_angular.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/examples/basic_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ansi-html-0.0.7.tgzAn elegant lib that converts the chalked (ANSI) text to HTML.
Library home page: https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/ansi-html/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c36cea77d2b618b8149a66a5e34bc7108ae7311
Found in base branch: master
Vulnerability Details
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Publish Date: 2021-08-18
URL: CVE-2021-23424
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#28236
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - nth-check-1.0.2.tgzperformant nth-check parser & compiler
Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz
Path to dependency file: az500-azure-cli-glossary/package.json
Path to vulnerable library: az500-azure-cli-glossary/node_modules/nth-check/package.json
Dependency Hierarchy:
Found in HEAD commit: 3c36cea77d2b618b8149a66a5e34bc7108ae7311
Found in base branch: master
Vulnerability Details
nth-check is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3803
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: fb55/nth-check@v2.0.0...v2.0.1
Release Date: 2021-09-17
Fix Resolution: nth-check - v2.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerabilities
DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):
Occurrences
lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):
• vuepress:1.7.1
└─ @vuepress/core:1.7.1
└─ optimize-css-assets-webpack-plugin:5.0.4
└─ cssnano:4.1.10
└─ cssnano-preset-default:4.0.7
└─ postcss-merge-rules:4.0.3
└─ caniuse-api:3.0.0
└─ lodash.memoize:4.1.2
This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.
Vulnerable Library - bootstrap-3.3.5.min.jsThe most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
Path to dependency file: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Path to vulnerable library: az500-azure-cli-glossary/node_modules/autocomplete.js/test/playground_jquery.html
Dependency Hierarchy:
Found in HEAD commit: c45e87731b3d95f4a2fb7711945ea3e188f7479f
Found in base branch: master
Vulnerability Details
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: twbs/bootstrap#26630
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
