sadmap / kelimebot
License: Mozilla Public License 2.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11
sql builder
Library home page: https://registry.npmjs.org/sql/-/sql-0.78.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
All versions of sql are vulnerable to SQL injection, as the module does not properly escape parameters when building SQL queries.
Publish Date: 2018-05-16
URL: WS-2018-0108
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/662
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is available.
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5
CodeFactor found an issue: Trailing spaces
It's currently on:
.travis.yml:2
Commit ae64c04
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-23
Fix Resolution: lodash - 4.17.19
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.1.0.tgz
Path to dependency file: KelimeBot/package.json
Path to vulnerable library: KelimeBot/node_modules/sql/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 86709b15f05ff57015894d4b38375ddc4742f0eb
Found in base branch: main
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash-4.17.21