tachibana-shin / fcanvas-editor

An IDE that supports writing TypeScript code and importing npm packages and running directly in the browser

HTML 0.61% TypeScript 58.26% SCSS 0.65% JavaScript 5.72% Raku 0.02% Vue 34.74%
browser editor fcanvas ide-tools vscode

fcanvas-editor's Introduction

Hi there 👋, I'm Tachibana Shin (橘芯)! Thanks for visiting my profile

  • 🔭 I’m currently working on open-source projects (Quasar framework and Capacitor.js, Ghostery, Adguard Extension, WCode, AnimeVsub, Manga Raiku, fCanvas...)
  • 🌱 Always learning new technologies
  • 🏗 I’m developing free apps, web apps, Chrome extensions...
  • 💬 Ask me about Quasar framework and Vue.js! And many more technologies like Python-flask framework, JavaScript, jQuery, AngularJS, Angular ...
  • 📫 How to reach me: [email protected]
  • 💖 Sponsor me to support my open source work. https://ko-fi.com/tachib_shin
  • 🌴 I love nature travel, anime, manga, cosplay
  • 🖼️ Like to help developers and community

πŸ† Github Profile Trophy

status languages-all

ko-fi

fcanvas-editor's People

Contributors

dependabot[bot], mend-bolt-for-github[bot], tachibana-shin

fcanvas-editor's Issues

firestore-3.4.15.tgz: 1 vulnerabilities (highest severity is: 5.5) - autoclosed

Vulnerable Library - firestore-3.4.15.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/protobufjs/package.json

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (firestore version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-36665 | Medium | 5.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2023-36665

Vulnerable Libraries - protobufjs-7.1.0.tgz, protobufjs-6.11.3.tgz

protobufjs-7.1.0.tgz

Protocol Buffers for JavaScript (& TypeScript).

Library home page: https://registry.npmjs.org/protobufjs/-/protobufjs-7.1.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@grpc/grpc-js/node_modules/protobufjs/package.json

Dependency Hierarchy:

  • firestore-3.4.15.tgz (Root Library)
    • grpc-js-1.6.12.tgz
      • proto-loader-0.7.2.tgz
        • ❌ protobufjs-7.1.0.tgz (Vulnerable Library)

protobufjs-6.11.3.tgz

Protocol Buffers for JavaScript (& TypeScript).

Library home page: https://registry.npmjs.org/protobufjs/-/protobufjs-6.11.3.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/protobufjs/package.json

Dependency Hierarchy:

  • firestore-3.4.15.tgz (Root Library)
    • proto-loader-0.6.13.tgz
      • ❌ protobufjs-6.11.3.tgz (Vulnerable Library)

Found in base branch: vue

Vulnerability Details

protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about "Object.constructor.prototype.<xyz> = ...;" whereas CVE-2022-25878 was about "Object.__proto__.<xyz> = ...;" instead.

Publish Date: 2023-07-05

URL: CVE-2023-36665

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665

Release Date: 2023-07-05

Fix Resolution: protobufjs - 7.2.4

Step up your Open Source Security Game with Mend here

vue-3.2.38.tgz: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - vue-3.2.38.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (vue version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-44270 | Medium | 5.3 | postcss-8.4.24.tgz | Transitive | 3.3.5 | ❌ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-44270

Vulnerable Library - postcss-8.4.24.tgz

Library home page: https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • vue-3.2.38.tgz (Root Library)
    • compiler-sfc-3.2.38.tgz
      • ❌ postcss-8.4.24.tgz (Vulnerable Library)

Found in base branch: vue

Vulnerability Details

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

Publish Date: 2023-09-29

URL: CVE-2023-44270

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-44270

Release Date: 2023-09-29

Fix Resolution (postcss): 8.4.31

Direct dependency fix Resolution (vue): 3.3.5

fcanvas-1.0.8.tgz: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - fcanvas-1.0.8.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (fcanvas version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-0842 | Medium | 5.3 | xml2js-0.4.23.tgz | Transitive | N/A* | ❌ |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-0842

Vulnerable Library - xml2js-0.4.23.tgz

Simple XML to JavaScript object converter.

Library home page: https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

  • fcanvas-1.0.8.tgz (Root Library)
    • tmx-tiledmap-1.2.1.tgz
      • ❌ xml2js-0.4.23.tgz (Vulnerable Library)

Found in base branch: vue

Vulnerability Details

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Publish Date: 2023-04-05

URL: CVE-2023-0842

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-0842

Release Date: 2023-04-05

Fix Resolution: xml2js - 0.5.0

auth-0.20.5.tgz: 1 vulnerabilities (highest severity is: 5.9) - autoclosed

Vulnerable Library - auth-0.20.5.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-fetch/package.json

Found in HEAD commit: d9c160fee4cf3b9e8d7660e2300ee513e33bec9c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-2596 | Medium | 5.9 | node-fetch-2.6.7.tgz | Transitive | N/A | ❌ |

Details

CVE-2022-2596

Vulnerable Library - node-fetch-2.6.7.tgz

A light-weight module that brings window.fetch to node.js

Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.7.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-fetch/package.json

Dependency Hierarchy:

  • auth-0.20.5.tgz (Root Library)
    • ❌ node-fetch-2.6.7.tgz (Vulnerable Library)

Found in HEAD commit: d9c160fee4cf3b9e8d7660e2300ee513e33bec9c

Found in base branch: vue

Vulnerability Details

Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10.

Publish Date: 2022-08-01

URL: CVE-2022-2596

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2596

Release Date: 2022-08-01

Fix Resolution: node-fetch - 3.2.10
