motor-control-test's Issues
CVE-2016-10518 (High) detected in ws-0.4.32.tgz
CVE-2016-10518 - High Severity Vulnerability
Vulnerable Library - ws-0.4.32.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-0.4.32.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /motor-control-test/node_modules/ws/package.json
Dependency Hierarchy:
- ❌ ws-0.4.32.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance, and that is where the vulnerability existed: ws didn't do any checks for the type of data it was sending. With buffers in Node, when you allocate one with a number instead of a string, it allocates that number of bytes.
Publish Date: 2018-05-31
URL: CVE-2016-10518
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-10518
Release Date: 2018-05-31
Fix Resolution: 1.0.0
Step up your Open Source Security Game with WhiteSource here
WS-2017-0107 (Medium) detected in ws-0.4.32.tgz
WS-2017-0107 - Medium Severity Vulnerability
Vulnerable Library - ws-0.4.32.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-0.4.32.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /motor-control-test/node_modules/ws/package.json
Dependency Hierarchy:
- ❌ ws-0.4.32.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
Depending on the JavaScript engine, Math.random can be anywhere between extremely insecure and cryptographically pseudo-random.
Versions which use Math.random can produce predictable values, thus shall not be used.
Publish Date: 2016-09-20
URL: WS-2017-0107
Suggested Fix
Type: Change files
Origin: websockets/ws@7253f06
Release Date: 2016-11-25
Fix Resolution: Replace or update the following file: Sender.js
WS-2016-0040 (High) detected in ws-0.4.32.tgz
WS-2016-0040 - High Severity Vulnerability
Vulnerable Library - ws-0.4.32.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-0.4.32.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /motor-control-test/node_modules/ws/package.json
Dependency Hierarchy:
- ❌ ws-0.4.32.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
By sending an overly long websocket payload to a ws server, it is possible to crash the node process.
Publish Date: 2016-06-24
URL: WS-2016-0040
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/120
Release Date: 2016-06-24
Fix Resolution: Update to version 1.1.1 of ws, or if that is not possible, set the `maxpayload` option for the `ws` server - make sure the value is less than 256MB.
CVE-2016-10542 (High) detected in ws-0.4.32.tgz
CVE-2016-10542 - High Severity Vulnerability
Vulnerable Library - ws-0.4.32.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-0.4.32.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /motor-control-test/node_modules/ws/package.json
Dependency Hierarchy:
- ❌ ws-0.4.32.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a ws server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Publish Date: 2018-05-31
URL: CVE-2016-10542
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8858
Release Date: 2018-12-15
Fix Resolution: v2.4.24
WS-2017-0247 (Low) detected in ms-0.7.1.tgz, ms-0.7.2.tgz
WS-2017-0247 - Low Severity Vulnerability
Vulnerable Libraries - ms-0.7.1.tgz, ms-0.7.2.tgz
ms-0.7.1.tgz
Tiny ms conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.1.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /tmp/git/motor-control-test/node_modules/socket.io-parser/node_modules/ms/package.json
Dependency Hierarchy:
- socket.io-1.7.4.tgz (Root Library)
  - socket.io-parser-2.3.1.tgz
    - debug-2.2.0.tgz
      - ❌ ms-0.7.1.tgz (Vulnerable Library)
ms-0.7.2.tgz
Tiny millisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /tmp/git/motor-control-test/node_modules/ms/package.json
Dependency Hierarchy:
- socket.io-1.7.4.tgz (Root Library)
  - debug-2.3.3.tgz
    - ❌ ms-0.7.2.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-05-15
URL: WS-2017-0247
Suggested Fix
Type: Change files
Origin: vercel/ms@305f2dd
Release Date: 2017-04-12
Fix Resolution: Replace or update the following file: index.js
CVE-2017-16113 (High) detected in parsejson-0.0.3.tgz
CVE-2017-16113 - High Severity Vulnerability
Vulnerable Library - parsejson-0.0.3.tgz
Method that parses a JSON string and returns a JSON object
Library home page: https://registry.npmjs.org/parsejson/-/parsejson-0.0.3.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /tmp/git/motor-control-test/node_modules/parsejson/package.json
Dependency Hierarchy:
- socket.io-1.7.4.tgz (Root Library)
  - socket.io-client-1.7.4.tgz
    - engine.io-client-1.8.5.tgz
      - ❌ parsejson-0.0.3.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
Publish Date: 2018-06-07
URL: CVE-2017-16113
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
WS-2017-0421 (High) detected in ws-0.4.32.tgz, ws-1.1.5.tgz
WS-2017-0421 - High Severity Vulnerability
Vulnerable Libraries - ws-0.4.32.tgz, ws-1.1.5.tgz
ws-0.4.32.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-0.4.32.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /motor-control-test/node_modules/ws/package.json
Dependency Hierarchy:
- ❌ ws-0.4.32.tgz (Vulnerable Library)
ws-1.1.5.tgz
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-1.1.5.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /tmp/git/motor-control-test/node_modules/engine.io/node_modules/ws/package.json
Dependency Hierarchy:
- socket.io-1.7.4.tgz (Root Library)
  - socket.io-client-1.7.4.tgz
    - engine.io-client-1.8.5.tgz
      - ❌ ws-1.1.5.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
Affected versions of ws (0.2.6--3.3.0) are vulnerable: a specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.
Publish Date: 2017-11-08
URL: WS-2017-0421
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/550/versions
Release Date: 2019-01-24
Fix Resolution: 3.3.1
CVE-2017-16137 (Medium) detected in debug-2.3.3.tgz, debug-2.2.0.tgz
CVE-2017-16137 - Medium Severity Vulnerability
Vulnerable Libraries - debug-2.3.3.tgz, debug-2.2.0.tgz
debug-2.3.3.tgz
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.3.3.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /tmp/git/motor-control-test/node_modules/debug/package.json
Dependency Hierarchy:
- socket.io-1.7.4.tgz (Root Library)
  - ❌ debug-2.3.3.tgz (Vulnerable Library)
debug-2.2.0.tgz
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /tmp/git/motor-control-test/node_modules/socket.io-parser/node_modules/debug/package.json
Dependency Hierarchy:
- socket.io-1.7.4.tgz (Root Library)
  - socket.io-parser-2.3.1.tgz
    - ❌ debug-2.2.0.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.
Publish Date: 2018-06-07
URL: CVE-2017-16137
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
Suggested Fix
Type: Change files
Origin: debug-js/debug@42a6ae0
Release Date: 2017-09-21
Fix Resolution: Replace or update the following file: node.js
WS-2016-0031 (High) detected in ws-0.4.32.tgz
WS-2016-0031 - High Severity Vulnerability
Vulnerable Library - ws-0.4.32.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-0.4.32.tgz
Path to dependency file: /motor-control-test/package.json
Path to vulnerable library: /motor-control-test/node_modules/ws/package.json
Dependency Hierarchy:
- ❌ ws-0.4.32.tgz (Vulnerable Library)
Found in HEAD commit: 72b723c157eec5a678f27835d5d1da90d1734715
Vulnerability Details
DoS in ws module due to excessively large websocket message.
Publish Date: 2016-06-24
URL: WS-2016-0031
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/120
Release Date: 2016-06-24
Fix Resolution: Update to version 1.1.1 of ws, or if that is not possible, set the `maxpayload` option for the `ws` server - make sure the value is less than 256MB.