Accelerator Core provides a simple way to integrate real-time audio/video into your web application using the OpenTok Platform
Home Page: https://www.vonage.com/communications-apis/video/
License: MIT License
Feature request:
Can this feature be supported where in annotation done by a subscriber who is viewing the screen sharing of a publisher can be embedded in the live stream ?
Is this possible currently?
READMEThe link to the sdkWrapper doc is wrong on the README.md file
show the doc
nothing
clink the link
...
...
Hi,
I am using video chat embed and according to documentation, I'm using the following code.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<div id="otEmbedContainer" style="width:800px; height:640px"></div>
<script
src="https://tokbox.com/embed/embed/ot-embed.js?embedId=<embed-id>&room=DEFAULT_ROOM"></script>
</body>
</html>
It's working fine but the stylesheet is not loading and I'm unable to see a small screen when video chat starts at the top right.
I am getting the following error:
OpenTok:StylableComponent:warn Calling setStyle() has no effect because theshowControls option was set to false +0ms
OpenTok:processPubOptions:warn OT.Publisher: Setting video constraint to false, there are no video sources +0ms
OpenTok:StylableComponent:warn Calling setStyle() has no effect because theshowControls option was set to false +14s
The screen is showing like below:
Please share your feedback.
Thanks
README...
...
...
...
...
READMEWhen generate a publisher without a DOM element, never receive the videoElementCreated event
Receive the DOM element on the event
The event never fire
import { OpenTokSDK } from 'opentok-accelerator-core'
const cfg = {
api_key: "XXX",
session: "XXXXX",
token: "XXXXX"
}
const properties = { insertDefaultUI: false }
const events = {
'videoElementCreated': (event) => { console.warn('videoElementCreated', event)}
}
const sdk = new OpenTokSDK({
apiKey: cfg.api_key,
sessionId: cfg.session,
token: cfg.token
})
const startCall = () => { sdk.publish(null, properties, events, true) }
sdk.connect().then(() => { startCall() } )
If use plain OT library work as advertised
const session = OT.initSession(cfg.api_key, cfg.session)
const properties = { insertDefaultUI: false }
session.connect(cfg.token, (error) => {
if (error) {
console.error('connection error', error)
} else {
let publisher = OT.initPublisher(null, properties);
publisher.on('videoElementCreated', (event) => console.warn('videoElementCreated', event) )
session.publish(publisher);
}
})
Opentok 2.19 recently introduced a setVideoSource that lets users change devices without having to rejoin the call. Can this be added to accelerator core?
I'm looking into adding ipWhitelist support for my app, but I can't see how it can be done with accelerator-core-js. Is there a way to do that?
This documentation has instructions on how to add it without accelerator-core-js: https://tokbox.com/developer/enterprise/content/ip-addresses/
Vulnerable Library - opentok-solutions-logging-1.1.1.tgzPath to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
| CVE | Severity |  CVSS |
Exploit Maturity | EPSS | Dependency | Type | Fixed in (opentok-solutions-logging version) | Remediation Possible** | Reachability |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-45857 |  Medium |
6.5 | Not Defined | 0.1% | axios-0.21.4.tgz | Transitive | N/A* | ❌ | |
| CVE-2023-26159 | Medium |
6.1 | Not Defined | 0.1% | follow-redirects-1.15.1.tgz | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2023-45857Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.21.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Dependency Hierarchy:
Found in base branch: main
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Publish Date: 2023-11-08
URL: CVE-2023-45857
Exploit Maturity: Not Defined
EPSS: 0.1%
Base Score Metrics:
Type: Upgrade version
Release Date: 2023-11-08
Fix Resolution: axios - 1.6.0
CVE-2023-26159HTTP and HTTPS modules that follow redirects.
Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/node_modules/follow-redirects/package.json
Dependency Hierarchy:
Found in base branch: main
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
Publish Date: 2024-01-02
URL: CVE-2023-26159
Exploit Maturity: Not Defined
EPSS: 0.1%
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-26159
Release Date: 2024-01-02
Fix Resolution: follow-redirects - 1.15.4
It would be nice if this library had TypeScript declarations.
while connecting get this error
otCore.connect().then(() =>
this.setState({ connected: true }, () => {})
);
Library version(s):
"opentok-accelerator-core": "^2.0.15",
Reproducible in the demo project? (Yes/No):
yes
...
READMEShould be https://github.com/opentok/accelerator-sample-apps-js/tree/master/react-sample-app
Link to https://github.com/opentok/accelerator-core-js/tree/master/react-sample-app
READMEcamera subscriber DOM elements should be unmounted when their corresponding streams are destroyed.
I’m noticing that 2 out of 3 stale camera subscriber DOM elements are stale, i.e. still mounted when a valid stream only exists for one of the three.
Seems to happen sporadically in my prototype
Could this issue be caused by a bug in my application code? My understanding is that the accelerator-core is responsible for handling DOM updates behind the scenes.
When I .publish with "videoSource: application" to trigger the screen share prompt, whether I disallowed permission in my system preferences and try to screenshare (first screenshot), or press cancel on the prompt (second screenshot), they both throw the same error.
{"code":1500,"message":"OT.Publisher Access Denied: Permission Denied: End-user denied permission to hardware devices (getUserMedia error: NotAllowedError)","name":"OT_USER_MEDIA_ACCESS_DENIED","stack":"Error: End-user denied permission to hardware devices (getUserMedia error: NotAllowedError)
This makes it hard to give the user a warning and instructions on how to enable screenshare system permissions it could potentially be just them opening and closing the screenshare dialog. Are there other ways to detect whether there is system permissions or not to screenshare?
Using the underlying OT.checkScreenSharingCapability() method, it always returns "supported: true" even without system permissions enabled. It seems like that method just checks the browser version instead of if it can actually access the screen?
READMELibrary version(s):
opentok.js: 2.16.1,
opentok-accelerator-core: 2.0.15
opentok-annotation: 2.0.59
opentok-archiving: 1.0.19,
opentok-screen-sharing: 1.0.33
opentok-text-chat: 1.0.30
iOS/Android/Browser version(s): Google Chrome 73
Devices/Simulators/Machine affected:
Reproducible in the demo project? (Yes/No):
Related issues:
No warnings in console.
Warnings from opentok.
console.js:35 OpenTok:StylableComponent:warn Calling setStyle() has no effect because theshowControls option was set to false +0ms
e.(anonymous function) @ console.js:35
o @ common.js:118
e.setStyle @ stylable_component.js:268
publish @ index.js:1123
(anonymous) @ init.js:529
(anonymous) @ communication.js:211
value @ communication.js:205
(anonymous) @ communication.js:262
value @ communication.js:237
(anonymous) @ communication.js:438
value @ communication.js:389
value @ core.js:762
(anonymous) @ index.js:formatted:3845
(anonymous) @ react-dom.production.min.js:14
f @ react-dom.production.min.js:15
(anonymous) @ react-dom.production.min.js:15
L @ react-dom.production.min.js:17
T @ react-dom.production.min.js:18
S @ react-dom.production.min.js:18
j @ react-dom.production.min.js:21
kn @ react-dom.production.min.js:84
is @ react-dom.production.min.js:241
Re @ react-dom.production.min.js:39
Tn @ react-dom.production.min.js:86
ss @ react-dom.production.min.js:241
On @ react-dom.production.min.js:85
o @ raven.js:376
...
...
...
READMECONNECTION ERROR TypeError: p.post is not a function
at analytics.js:36
at e (QueueRunner.js:22)
at e.t.run (QueueRunner.js:26)
at e.t.add (QueueRunner.js:9)
at analytics.js:34
at e.exports.logEvent (analytics.js:150)
at analytics.js:110
at guid_storage.js:118
at Object.get (guid_storage.js:138)
at guid_storage.js:30
#### Expected behavior
> ...
#### Actual behavior
> ...
#### Steps to reproduce
> ...
#### Crash log? Screenshots? Videos? Sample project?
>...
## Question or Feature Request
> ...READMEthe enableSubscriberAudio/enableSubscriberVideo methods on sdkWrapper mismatch the call to the same method on the subscriber
https://github.com/opentok/accelerator-core-js/blob/master/src/sdk-wrapper/sdkWrapper.js#L183
https://github.com/opentok/accelerator-core-js/blob/master/src/sdk-wrapper/sdkWrapper.js#L195
call the correct methods
Video call Audio and vice versa
use the methods on the sdkWrapper
...
...
Adding a name for a published stream and using the communication.callProperties.name while init app, it is updating to all publishers stream. Please find the screenshot below, please help on this.
Thanks
Parsetty
Vulnerable Library - opentok-solutions-logging-1.0.15.tgzPath to dependency file: /package.json
Path to vulnerable library: /node_modules/follow-redirects/package.json
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
| CVE | Severity | CVSS |
Dependency | Type | Fixed in | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2021-3749 |  High |
7.5 | axios-0.19.2.tgz | Transitive | 1.1.1 | ✅ |
| CVE-2022-0155 |  Medium |
6.5 | follow-redirects-1.5.10.tgz | Transitive | 1.1.1 | ✅ |
| CVE-2022-0536 | Medium |
5.9 | follow-redirects-1.5.10.tgz | Transitive | 1.1.1 | ✅ |
| CVE-2020-28168 | Medium |
5.9 | axios-0.19.2.tgz | Transitive | 1.1.1 | ✅ |
CVE-2021-3749Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.19.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
axios is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-08-31
URL: CVE-2021-3749
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/
Release Date: 2021-08-31
Fix Resolution (axios): 0.20.0
Direct dependency fix Resolution (opentok-solutions-logging): 1.1.1
⛑️ Automatic Remediation is available for this issue
CVE-2022-0155HTTP and HTTPS modules that follow redirects.
Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/follow-redirects/package.json
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
Publish Date: 2022-01-10
URL: CVE-2022-0155
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/
Release Date: 2022-01-10
Fix Resolution (follow-redirects): 1.14.7
Direct dependency fix Resolution (opentok-solutions-logging): 1.1.1
⛑️ Automatic Remediation is available for this issue
CVE-2022-0536HTTP and HTTPS modules that follow redirects.
Library home page: https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.5.10.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/follow-redirects/package.json
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
Publish Date: 2022-02-09
URL: CVE-2022-0536
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0536
Release Date: 2022-02-09
Fix Resolution (follow-redirects): 1.14.8
Direct dependency fix Resolution (opentok-solutions-logging): 1.1.1
⛑️ Automatic Remediation is available for this issue
CVE-2020-28168Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.19.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Publish Date: 2020-11-06
URL: CVE-2020-28168
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-11-06
Fix Resolution (axios): 0.21.1
Direct dependency fix Resolution (opentok-solutions-logging): 1.1.1
⛑️ Automatic Remediation is available for this issue
⛑️ Automatic Remediation is available for this issue.
READMEthe signal sender always stringifys the signal data, but the core library and servers are able to take Objects as is. This means that for signals send using the accelerator, an extra parse is needed that isn't necessarily when sending identical signals from non-accelerator client, or from the server.
https://github.com/opentok/accelerator-core-js/blob/master/src/core.js#L590
data is passed through as isdata is passed through as a stringdatadata fieldIs this by design? It doesn't appear to be a documented difference. feels like it shouldn't be happening, but maybe users of this library are used to this by now?
READMEHi everyone, I'm using accelerator-core in order to easily setup one-to-one calls, but one of the requirements is being able to choose from a select list the device from which I want to stream video and audio, audio is not much of an issue, since I can just setAudioSource from the publisher, but setting a different video source is giving me trouble, normally I would kill the old publisher and unpublish it from the session, and publish the new one with the desired video source.
const session = this.otCore.getSession();
const otState = this.otCore.state();
const activePublisher = otState.publishers.camera[Object.keys(otState.publishers.camera)[0]];
console.log({ session, otState });
session.unpublish(activePublisher);
session.publish(publisher);
console.log({ session, otState });I'm feeling there must be a better way to do this using opentok-core since if I just use the method described above, the new publisher won't be a part of opentok-core global state, thus loosing track of it and not being able to repeat that action.
is there a way I can replace the camera publisher in opentok-core's state? I wouldn't want to recur to the cycleVideo method of the publisher as some users might have more than two cameras.
Also, thank you for building this wrapper, it has been really useful in more than one project, it's really easy to use.
Sample react app to run.
Crash displayed on console and browser.
Instructions here: https://github.com/opentok/accelerator-core-js/blob/master/react-sample-app/README.md
Failed to compile.
The browser also displays the same error
Error in ./src/ot-core/core.js
Module not found: 'babel-polyfill' in /home/martin/Dropbox/current/accelerator-core-js/react-sample-app/src/ot-core
@ ./src/ot-core/core.js 15:0-25
Need to add "babel-polyfill" to dependence list. Running npm install babel-polyfill solved the issue.
READMEWhen you publish a stream with a custom videoSource (startCall({videoSource:MediaStreamTrack})), the library doesn't send the subscribeToCustom and unsubscribeFromCustom events because they are not handled by the events.js file
it should trigger the subscribe and unsubscribe events for the custom source
it doesn't trigger the events.
Run the sample app with
otCore .startCall({ videoSource: MediaStreamTrack })
README@kascote @robjperez @willyaranda @jaoo @martinvol
I need to change session in the app without refreshing the page and stuff which means when I do:
otCore = new AccCore(options) where options has credentials I am unable to change the session unless I basically do otCore = new AccCore(options) however that causes the screen sharing to be created/initialized again which means there is an additional icon button and it causes the chrome to prompt screenshare twice WHILST not actually working even if I press "screenshare" twice on two different popups.
How can I either remove the old AccCore or destroy it or something and remake it or just change the session the AccCore is pointing to?
I have tried to do otCore.internalState.setSession but that returns an error. I also do otCore.disconnect and otCore.endCall but that does not do anything.
The session changes succesfully and everything else seems to work fine. The only issue seems to be the additional packages such as screen share which get increased linearly with the number of times I jump sessions.
Everytime I create AccCore I need the old screenshare package to remain so that I can screen share normally instead of loading it in everytime I jump sessions.
...
Seeing a duplicate screen sharing package which causes the icon button to duplicate each time I remake new AccCore(options) object and when I click it causes multiple prompts and does not work in the end.
...
Recreate otCore in componentDidMount (or anywhere). You can just duplicate these two lines:
otCore = new AccCore(options);
otCore = new AccCore(options);
...
This gets duplicated when I make a new AccCore object to jump sessions and so it also causes the pop up to trigger multiple times depending on how many times I duplicated AccCore object.
...
Is it possible for me to change sessions without remaking AccCore? Or is it possible to override certain things such as the screen sharing package duplication?
...
Here is the code below for the main logic:
Vulnerable Library - jquery-3.1.1.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.js
Path to dependency file: /test/index.html
Path to vulnerable library: /test/index.html
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (jquery version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2020-11023 | Medium |
6.1 | jquery-3.1.1.js | Direct | jquery - 3.5.0;jquery-rails - 4.4.0 | ❌ |
| CVE-2020-11022 | Medium |
6.1 | jquery-3.1.1.js | Direct | jQuery - 3.5.0 | ❌ |
| CVE-2019-11358 | Medium |
6.1 | jquery-3.1.1.js | Direct | jquery - 3.4.0 | ❌ |
CVE-2020-11023JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.js
Path to dependency file: /test/index.html
Path to vulnerable library: /test/index.html
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
CVE-2020-11022JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.js
Path to dependency file: /test/index.html
Path to vulnerable library: /test/index.html
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
CVE-2019-11358JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.js
Path to dependency file: /test/index.html
Path to vulnerable library: /test/index.html
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
Auto-subscribe works unreliably in group chats. It results in some people not seeing each other in certain cases.
Apparently the problem is in communication.js. It happens during startCall() method processing, when subscribeToInitialStreams() method is already running, but active flag is still false, and in such moment a new remote stream is created (streamCreated event). subscribe() is not called as active is still false, but subscribeToInitialStreams() also ignores this new stream as enumeration of streams was already started and it didn't include the new stream.
Create a group video call with 4 members. All members should join approximately at the same time.
"subscribeToCamera" event should be fired for each remote stream (3 times). On each client, otCore.state().subscribers must contain 3 streams.
In some cases, "subscribeToCamera" event is fired less than 3 times. otCore.state().subscribers contains less than 3 streams.
Create a group video call with 4 members. All members should join approximately at the same time.
Hi, i added the extension ID in app.js file and loaded an unpacked extension but when clicking on screen sharing button it is not detecting that extension and shows install extension dialogue
if (streamMap[streamId]) {
// Are we already subscribing to the stream?
var _state$all = state.all(),
subscribers = _state$all.subscribers;
resolve(subscribers[type][streamMap[streamId]]);
} else {
....
}const container = dom.query(streamContainers('subscriber', type, connectionData, stream));When attempting to unsubscribe from a destroyed stream the action is attempted and an error is thrown.
This is an incorrect action, however I suggest either:
state.js:160 Uncaught (in promise) TypeError: Cannot convert undefined or null to object at State.removeSubscriber (webpack:///./~/opentok-accelerator-core/dist/sdk-wrapper/state.js?:160:47) at eval (webpack:///./~/opentok-accelerator-core/dist/sdk-wrapper/sdkWrapper.js?:375:15) at OpenTokSDK.unsubscribe (webpack:///./~/opentok-accelerator-core/dist/sdk-wrapper/sdkWrapper.js?:373:14) at eval (webpack:///./src/services/video/manager.js?:831:37) at Array.forEach (native) at eval (webpack:///./src/services/video/manager.js?:830:47)
READMEStarting video call in react-sample-app
Crashing page and reloading
Click to start call button
Please help with a temporary solution to fix this problem
READMEToggle Local Video when clicking the camera icon in react-sample-app
Crashing page and reloading
Click to start call button -> Click to button toggle video cam
Please help with a temporary solution to fix this problem
Hello,
I want to implement a virtual background filter on video visit, Like what google meet, zoom app does.
Found the few examples with pure Vonage JS code but not able to merge that code using our AccCore method.
So is there any way to do that with your Acccore plugin method?
Reference link of virtual background: https://github.com/nexmo-se/opentok-filters-bodypix
Just let me know is there any method or reference code that i can implement this feature using accelerator-core-js plugin.
Thanks,
Vulnerable Library - underscore-min-1.8.3.jsJavaScript's functional programming helper library.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js
Path to dependency file: /test/index.html
Path to vulnerable library: /test/index.html
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (underscore-min version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2021-23358 | High |
7.2 | underscore-min-1.8.3.js | Direct | underscore - 1.12.1,1.13.0-2 | ❌ |
CVE-2021-23358JavaScript's functional programming helper library.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js
Path to dependency file: /test/index.html
Path to vulnerable library: /test/index.html
Dependency Hierarchy:
Found in HEAD commit: 1e3986b7eccfbc9e60aaec7e7ee963381e7bf286
Found in base branch: main
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: underscore - 1.12.1,1.13.0-2
Chrome Extension created & Added from webStore, but always when start Screen share it shows install extension ,if i click accept it installs again but screen share not started
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.