opensutd / discoversutd-microsite Goto Github PK

View Code? Open in Web Editor NEW

3.0 3.0 2.0 6.75 MB

A micro-site containing the various landing pages for DiscoverSUTD 2019

Home Page: https://discover.opensutd.org/

License: Other

CSS 7.33% JavaScript 78.51% HTML 14.15%

discoversutd-microsite's Introduction

OpenSUTD/course-materials

17/01/19 - This repository has officially moved under the OpenSUTD organization, and will host academic materials. Please do not submit personal projects here - existing ones will eventually be reallocated to other spaces.

Hello there, welcome to OpenSUTD! We believe knowledge should be available for everyone who wants to access it. MIT set up OpenCourseWare in the spirit of sharing knowledge with everybody - this is our take on it, and it'll be interesting to see what this evolves into!

Important note The endgame for this project is simply to be a platform to share information. If you are the creator or owner of any of the materials on this repository and would not like it to be here, we will take it down.

What is this repository for?

This should be a space to encourage self-improvement and share knowledge, not spoon-feed it. What's fair game for contribution:

Past lecture materials
Past quiz, assignment, and homework questions
Posters
Project reports
Personal notes

What shouldn't be here:

Personal projects, quiz, examination, and homework answers (Tips and notes are fine)

Contributing to OpenSUTD

Anyone can contribute material by submitting a issue or pull request! This prototype is still in its infancy, so we're looking for collaborators to act as content curators, who help to manage what's in the repository. In the case of legacy course materials, curators should have taken the course before.

Repository Structure

As the repository grows, optimizing its structure lets people find what they want easily. An example would be:

/Courses
	/10.001 Advanced Math I
		/Summer 2017
		/Projects
		...
	...
	/50.002 Computation Structures
		/Fall 2017
		/Projects
		...
	...

File naming should be consistent across the repository. In general, stuff should be organized and easy to find:

Courses with their code and canonical name, e.g. 10.001 Advanced Math I
Lecture slides should have the week number and a descriptive filename, e.g. Week 10 - James Scott - Commentary on Jacob's work.pdf
Subdirectories as needed, e.g. /Additional Readings or /src

discoversutd-microsite's People

Contributors

Stargazers

Watchers

Forkers

dominiclkj caramelmelmel

discoversutd-microsite's Issues

CVE-2019-11358 (Medium) detected in jquery-2.2.4.min.js, jquery-3.3.1.min.js

CVE-2019-11358 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.2.4.min.js, jquery-3.3.1.min.js

jquery-2.2.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Path to dependency file: /DiscoverSUTD-microsite/calendar/index.html

Path to vulnerable library: /calendar/index.html

Dependency Hierarchy:

❌ jquery-2.2.4.min.js (Vulnerable Library)

jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to vulnerable library: /assets/js/jquery.min.js

Dependency Hierarchy:

❌ jquery-3.3.1.min.js (Vulnerable Library)

Found in HEAD commit: 3e6aad3b0d3b2de323ef281d31c14c7a7dc60f73

Vulnerability Details

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

Publish Date: 2019-04-20

URL: CVE-2019-11358

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358

Release Date: 2019-04-20

Fix Resolution: 3.4.0

Step up your Open Source Security Game with Mend here

CVE-2015-9251 (Medium) detected in jquery-2.2.4.min.js

CVE-2015-9251 - Medium Severity Vulnerability

Vulnerable Library - jquery-2.2.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Path to dependency file: /DiscoverSUTD-microsite/calendar/index.html

Path to vulnerable library: /calendar/index.html

Dependency Hierarchy:

❌ jquery-2.2.4.min.js (Vulnerable Library)

Found in HEAD commit: c4e06235dd89649515c35f1bcc7abcbbc1b86b91

Vulnerability Details

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Publish Date: 2018-01-18

URL: CVE-2015-9251

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251

Release Date: 2018-01-18

Fix Resolution: jQuery - v3.0.0

Step up your Open Source Security Game with Mend here

CVE-2020-11022 (Medium) detected in jquery-2.2.4.min.js, jquery-3.3.1.min.js

CVE-2020-11022 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.2.4.min.js, jquery-3.3.1.min.js

jquery-2.2.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Path to dependency file: /DiscoverSUTD-microsite/calendar/index.html

Path to vulnerable library: /calendar/index.html

Dependency Hierarchy:

❌ jquery-2.2.4.min.js (Vulnerable Library)

jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to vulnerable library: /assets/js/jquery.min.js

Dependency Hierarchy:

❌ jquery-3.3.1.min.js (Vulnerable Library)

Vulnerability Details

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11022

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Release Date: 2020-04-29

Fix Resolution: jQuery - 3.5.0

Step up your Open Source Security Game with Mend here

CVE-2020-11023 (Medium) detected in jquery-2.2.4.min.js, jquery-3.3.1.min.js

CVE-2020-11023 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-2.2.4.min.js, jquery-3.3.1.min.js

jquery-2.2.4.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Path to dependency file: /DiscoverSUTD-microsite/calendar/index.html

Path to vulnerable library: /calendar/index.html

Dependency Hierarchy:

❌ jquery-2.2.4.min.js (Vulnerable Library)

jquery-3.3.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js

Path to vulnerable library: /assets/js/jquery.min.js

Dependency Hierarchy:

❌ jquery-3.3.1.min.js (Vulnerable Library)

Vulnerability Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL: CVE-2020-11023

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6,https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#440

Release Date: 2020-04-29

Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0

Step up your Open Source Security Game with Mend here

opensutd / discoversutd-microsite Goto Github PK

discoversutd-microsite's Introduction

OpenSUTD/course-materials

17/01/19 - This repository has officially moved under the OpenSUTD organization, and will host academic materials. Please do not submit personal projects here - existing ones will eventually be reallocated to other spaces.

What is this repository for?

Contributing to OpenSUTD

Repository Structure

discoversutd-microsite's People

Contributors

Stargazers

Watchers

Forkers

discoversutd-microsite's Issues

CVE-2019-11358 - Medium Severity Vulnerability

CVE-2015-9251 - Medium Severity Vulnerability

CVE-2020-11022 - Medium Severity Vulnerability

CVE-2020-11023 - Medium Severity Vulnerability

Recommend Projects

Recommend Topics

Recommend Org