Coder Social home page Coder Social logo

operationscenterapi-oauth2-nodejs-example's People

Contributors

jconner0623 avatar mend-bolt-for-github[bot] avatar renovate[bot] avatar ryber avatar sambodino avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

sambodino uandzleonel

operationscenterapi-oauth2-nodejs-example's Issues

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

npm
package.json
  • axios ^0.20.0
  • cookie-parser ~1.4.4
  • debug ~2.6.9
  • express ~4.16.1
  • http-errors ~1.6.3
  • morgan ~1.9.1
  • mustache-express ^1.3.0
  • Check this box to trigger a request for Renovate to run again on this repository

CVE-2021-43138 (High) detected in async-3.1.1.tgz

CVE-2021-43138 - High Severity Vulnerability

Vulnerable Library - async-3.1.1.tgz

Higher-order functions and common patterns for asynchronous code

Library home page: https://registry.npmjs.org/async/-/async-3.1.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/async/package.json

Dependency Hierarchy:

  • mustache-express-1.3.0.tgz (Root Library)
    • โŒ async-3.1.1.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

Publish Date: 2022-04-06

URL: CVE-2021-43138

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43138

Release Date: 2022-04-06

Fix Resolution (async): 3.2.2

Direct dependency fix Resolution (mustache-express): 1.3.1

Step up your Open Source Security Game with Mend here

CVE-2020-28168 (Medium) detected in axios-0.20.0.tgz

CVE-2020-28168 - Medium Severity Vulnerability

Vulnerable Library - axios-0.20.0.tgz

Promise based HTTP client for the browser and node.js

Library home page: https://registry.npmjs.org/axios/-/axios-0.20.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/axios/package.json

Dependency Hierarchy:

  • โŒ axios-0.20.0.tgz (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

Publish Date: 2020-11-06

URL: CVE-2020-28168

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2020-11-06

Fix Resolution: 0.21.1

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.