vlaship / book-catalog-go Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
CVE | Severity | CVSS | Dependency | Type | Fixed in (github.com/golang/gddo-v0.0.0 version) | Remediation Possible** |
---|---|---|---|---|---|---|
CVE-2019-8331 | Medium | 6.1 | github.com/golang/gddo-v0.0.0-20210115222349-20d68f94ee1f | Direct | bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1 | ❌ |
CVE-2018-20677 | Medium | 6.1 | github.com/golang/gddo-v0.0.0-20210115222349-20d68f94ee1f | Direct | bootstrap - 3.4.0 | ❌ |
CVE-2018-20676 | Medium | 6.1 | github.com/golang/gddo-v0.0.0-20210115222349-20d68f94ee1f | Direct | bootstrap - 3.4.0 | ❌ |
CVE-2018-14042 | Medium | 6.1 | github.com/golang/gddo-v0.0.0-20210115222349-20d68f94ee1f | Direct | bootstrap - 3.4.0,4.1.2 | ❌ |
CVE-2016-10735 | Medium | 6.1 | github.com/golang/gddo-v0.0.0-20210115222349-20d68f94ee1f | Direct | bootstrap - 3.4.0, 4.0.0-beta.2 | ❌ |
CVE-2018-14040 | Low | 3.7 | github.com/golang/gddo-v0.0.0-20210115222349-20d68f94ee1f | Direct | org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
Found in base branch: main
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
Step up your Open Source Security Game with Mend here
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
Found in base branch: main
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
Step up your Open Source Security Game with Mend here
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
Found in base branch: main
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
Step up your Open Source Security Game with Mend here
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
Found in base branch: main
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-14042
Release Date: 2018-07-13
Fix Resolution: bootstrap - 3.4.0,4.1.2
Step up your Open Source Security Game with Mend here
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
Found in base branch: main
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Mend Note: Converted from WS-2018-0021, on 2022-11-08.
Publish Date: 2019-01-09
URL: CVE-2016-10735
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2
Step up your Open Source Security Game with Mend here
Go Doc Dot Org
Library home page: https://proxy.golang.org/github.com/golang/gddo/@v/v0.0.0-20210115222349-20d68f94ee1f.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
Found in HEAD commit: 18fa112eebad97410bdc25aa4a733de424d3494a
Found in base branch: main
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.