Git First Timers

There are lots of people that need help and want to make our community of software development open and inclusive.

This list displays the top 100 Open Issues with the 'first-timers-only' tag on GitHub.com.

That means this is a curated list of some of the best, most open, open source projects on the internet!

1 [sec] check if symlink points outside of destination directory

Find it on GitHub

I was able to confirm that os.Create() will happily follow symlinks.

Although standard tools like tar will not likely allow you to add two files with the same name to an archive file, it's certainly easy enough to do in code. This means that we need to add an additional check before writing to a destination to make sure that it's not a symlink outside of the destination.

The vulnerability only exists if OverwriteExisting is also turned on.

What file is affected?

filecompressor.go:

```go
// DecompressFile reads the source file and decompresses it to destination.
func (fc FileCompressor) DecompressFile(source, destination string) error {
	if fc.Decompressor == nil {
		return fmt.Errorf("no decompressor specified")
	}

	if !fc.OverwriteExisting && fileExists(destination) {
		return fmt.Errorf("file exists: %s", destination)
	}

	// TODO needs check here

	in, err := os.Open(source)
	if err != nil {
		return err
	}
	defer in.Close()

	out, err := os.Create(destination)
	if err != nil {
		return err
	}
	defer out.Close()

	return fc.Decompress(in, out)
}
```

Possible solution

If the destination exists we should always check if it's a symlink first:

```go
if fileExists(destination) {
	// TODO check if destination is a symlink with an outside target
	// should be a simple os.Lstat()

	if !fc.OverwriteExisting {
		return fmt.Errorf("file exists: %s", destination)
	}
}
```

Also, we could block ALL symlinks that have a target outside of the destination directory.

I think the former approach is the best for now, as some archives may link outside of the destination directory for legitimate reasons.

Please link to any related issues, pull requests, and/or discussion

This is related to

  • https://github.com/mholt/archiver/pull/203
  • https://github.com/mholt/archiver/pull/169
  • https://github.com/mholt/archiver/pull/70
  • https://github.com/snyk/zip-slip-vulnerability/issues/41
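A check of the kind the issue asks for, written as an added example for this page rather than code from the archiver project; checkSymlinkDestination, within and ErrSymlinkEscape are names chosen here. It goes a little beyond the issue's `os.Lstat()` idea: it also resolves the parent directory, so a symlinked directory planted by an earlier archive entry is caught, and it judges dangling links by their lexical target because os.Create would still create the file there.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrSymlinkEscape is returned when writing to dest would follow a symlink out of root.
var ErrSymlinkEscape = errors.New("destination is a symlink that resolves outside the destination directory")

// within reports whether the cleaned absolute path p is root itself or lies below it.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// checkSymlinkDestination decides whether os.Create(dest) is safe while extracting into
// root: nil when dest is absent, a regular file, or a symlink that stays inside root;
// ErrSymlinkEscape when dest or its parent directory resolves outside root. Dangling
// links are judged by their lexical target, since os.Create would create that target.
func checkSymlinkDestination(root, dest string) error {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return err
	}
	// Resolve root itself (e.g. /tmp -> /private/tmp on macOS) so comparisons line up.
	absRoot, err = filepath.EvalSymlinks(absRoot)
	if err != nil {
		return err
	}
	absDest, err := filepath.Abs(dest)
	if err != nil {
		return err
	}
	// The parent must exist for os.Create to succeed; if the parent chain itself links
	// out of root, every write into it escapes, whatever the final file name is.
	parent, err := filepath.EvalSymlinks(filepath.Dir(absDest))
	if err != nil {
		return err
	}
	if !within(absRoot, parent) {
		return ErrSymlinkEscape
	}
	fi, err := os.Lstat(absDest) // Lstat, not Stat: inspect the link itself
	if errors.Is(err, os.ErrNotExist) {
		return nil // nothing there yet; os.Create will make a regular file
	}
	if err != nil {
		return err
	}
	if fi.Mode()&os.ModeSymlink == 0 {
		return nil // regular file or directory: no redirection possible
	}
	target, err := os.Readlink(absDest)
	if err != nil {
		return err
	}
	if !filepath.IsAbs(target) {
		target = filepath.Join(parent, target) // relative links resolve from the link's directory
	}
	target = filepath.Clean(target)
	// Follow chained links when the target exists; keep the lexical path when it dangles.
	if resolved, err := filepath.EvalSymlinks(target); err == nil {
		target = resolved
	}
	if !within(absRoot, target) {
		return ErrSymlinkEscape
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "extract-root-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	// Constructed scenario: an earlier archive entry planted a symlink named "config"
	// that points at a hypothetical file outside the extraction directory.
	link := filepath.Join(root, "config")
	if err := os.Symlink(filepath.Join(os.TempDir(), "outside-target"), link); err != nil {
		panic(err)
	}
	for _, dest := range []string{link, filepath.Join(root, "fresh.txt")} {
		fmt.Printf("%s: %v\n", filepath.Base(dest), checkSymlinkDestination(root, dest))
	}
}
```

Call it after the existence check and before os.Create; when OverwriteExisting is off the existing "file exists" error still fires first, and when it is on the escape check is what prevents the overwrite from landing outside the destination directory.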

2 [style] Use error instance rather than an error string

Find it on GitHub

Recently we had a PR that was necessary, but had some code style issues that we'd like to fix:

The PR in question: https://github.com/mholt/archiver/pull/231/files

What would you like to have changed?

There are a few ways I think could work really well:

  1. Follow the style of os.IsNotFound
    • Let's add function something like IsIllegalPath in archiver.go
    • Let's replace lines like strings.Contains(err.Error(), "illegal file path") with IsIllegalPath
  2. Follow the style of csv.ParseError
    • Let's add a struct IllegalPathError to archiver.go
    • Let's replace things like fmt.Errorf("illegal file path: %s", filename) with the use of that error
  3. Let's do both!

Why is this feature a useful, necessary, and/or important addition to this project?

We just want to make the code more durable and maintainable.

3 [Site] Create a difference in color on either side of the blog posts

Find it on GitHub

Current Behavior

A lack of formatting on the individual blog pages has them not looking as much like articles as they could.

Desired Behavior

Add color to the left and right margins or some other styling to the blog post page layout to offset the text from the page.

Screenshot

4 Add a how to contribute file

Find it on GitHub

See How to create a contribution file

Move the instructions to this file from the README file;

5 Update the README file

Find it on GitHub

Follow this format:

  • Project name: Your project’s name is the first thing people will see upon scrolling down to your README, and is included upon creation of your README file.

  • Description: A description of your project follows. A good description is clear, short, and to the point. Describe the importance of your project, and what it does.

  • Table of Contents: Optionally, include a table of contents in order to allow other people to quickly navigate especially long or detailed READMEs.

  • Installation: Installation is the next section in an effective README. Tell other users how to install your project locally. Optionally, include a gif to make the process even more clear for other people.

  • Usage: The next section is usage, in which you instruct other people on how to use your project after they’ve installed it. This would also be a good place to include screenshots of your project in action.

  • Contributing: Link to a file in project root called CONTRIBUTING.md

  • Credits: Include a section for credits in order to highlight and link to the authors of your project.

Document the process of the web service flow in the readme as well.

6 Update Readme

Find it on GitHub

  • [ ] Create CONTRIBUTING.md file in the root folder
  • [ ] Add How to Contribute instructions to the file

Please use markdown!

7 Delete duplicate Service Mesh Interface Page

Find it on GitHub

Description

Just a small update in the issue: as we already have the same project page, I am redefining the issue as deleting the service mesh page. Hope it's okay with the change @bartkalanski. You will have to just delete the smi page from the pages folder.



Contributor Resources The layer5 repo contains two websites. The current generation and the next-generation of the layer5.io site.

If the layer5-ng label is absent on this issue, then this issue pertains to the current generation of the layer5.io website, which uses Jekyll and GitHub Pages. Site content is found under the master branch.
  • See layer5 contributing instructions

If the layer5-ng label is present on this issue, then this issue pertains to the next-generation of the layer5.io website, which uses Gatsby, Strapi, and GitHub Pages. Site content is found under the layer5-ng branch.
  • See layer5-ng contributing instructions

8 Update Readme

Find it on GitHub

  • [ ] Create CONTRIBUTING.md file in the root folder
  • [ ] Add How to Contribute instructions to the file

Please use markdown!

9 Update Readme

Find it on GitHub

  • [ ] Add Install and Run instructions to run this React-Native project generated with expo-cli

10 Update article: Package management

Find it on GitHub

  • [x] Link to practice: "https://developerexperience.io/practices/package-management"

  • [x] What is this about: "Add Java Specifying dependencies (Maven or Gradle)"

How to contribute:

11 Feature request: Add `getPhoneCodeForWilaya` and `getPhoneCodesForWilaya`

Find it on GitHub

⚠️⚠️⚠️
This issue is for first-timers only, we'd like you to start your open-source journey from here 😄 ⚠️⚠️⚠️

As a library consumer, I would like to have a method that returns phone codes for each wilaya.
One of the use cases for this feature is with forms; in order to have a better user experience, we would like to set the phone code initials when the user selects their wilaya. For example: if I fill the address block and set my city to Oran (code: 31) I would like the phone number block to be set automatically to 041.

What we want to add:
  • A getPhoneCodeForWilaya function that takes one parameter (wilayaCode: number) and returns the first phone code (as a wilaya like Algiers has two phone codes: 21, 23).
  • A getPhoneCodesForWilaya function that takes one parameter (wilayaCode: number) and returns an array of all phoneCodes of that wilaya.

NB:

  • Please read our contributing guidelines and our code of conduct
  • Comment here so we know that you're on it 🐝 .
  • Clone this repository, read the code and try to understand how we structured it.
  • Start hacking (PS: You can check the PRs we merged and see how our smart contributors added this kind of features)
  • Update documentation in the readme file
  • Ask for help, here or in Slack.

Happy Hacking !

12 Feature request: Add a getWilayaByPhoneCode method

Find it on GitHub

As a user, I would like to have a method which returns a wilaya code for a given phone code.
Example:
  • getWilayaByPhoneCode(41) returns WilayaObject{ name: 'Oran'.. }

It would be great if the method accepted full phone numbers, truncated the phone code and then returned the wilaya, for example:
  • getWilayaByPhoneCode('0412345678')

N.B:

  • Please read our contributing guidelines and our code of conduct
  • Comment here so we know that you're on it 🐝 .
  • Please keep it simple and clean, KISS 🥰 .
  • Write tests
  • Update documentation in the readme file
  • It's okay to submit a PR with a function that only takes a phone code (not a complete phone number).
  • Keep functions small, and pure. We may reuse your code in the future ♻️ .
  • Ask for help, here or in Slack.

Happy Hacking !

13 Integrate domain check feature [Hacktoberfest]

Find it on GitHub

Clicking on a proposed name takes the user to another screen where the user can see availability of that domain

To keep things simple, as of now we can probably open some website like https://namechk.com/ and pre-fill the domain name

14 Improve text in Donation section on landing page

Find it on GitHub

Donation section on landing page currently contains lorem ipsum text. Write something else in place of that.

15 Add prettierrc to project to have consistency of code tab/spaces etc above using tslint

Find it on GitHub

16 [ENHANCEMENT] Removal of TODO comment

Find it on GitHub

Hi, I forgot to remove the TODO comment while sending in PR #21

Maybe a first-timers-only issue?

17 Redesign the CONTRIBUTING.md file

Find it on GitHub

If you are a first-time contributor you can contribute to this project by re-designing the CONTRIBUTING.md file. Use your imagination and make it more beautiful. However, please do not remove important information from the CONTRIBUTING.md file. Feel free to add more information as you see fit.

18 update readme for first timers so they can get started quickly

Find it on GitHub

19 Update readme

Find it on GitHub

Update the README so that first timers know how to set up the prerequisites and run the docker command in order to start serving the site on localhost.

20 Improve UI of the QuoteCard component

Find it on GitHub

Find the component under components/QuoteCard.tsx

21 Fill in the tags for empty quotes or add extra tags to completed quotes

Find it on GitHub

  • [ ] Take a look at https://github.com/devcer/captions-for-ig/blob/master/captions.csv to see for captions without tags or mood
  • [ ] Use your common sense and think of the tags and mood to fill up those columns in the sheet.

Please take a look at the README.md for the list of moods

22 Redesign the README.md file

Find it on GitHub

If you are a first-time contributor you can contribute to this project by re-designing the README.md file. Use your imagination and make it more beautiful. However, please do not remove important information from the README.md file. Feel free to add more information as you see fit.

23 [Docs] Add traefikmesh to service mesh table

Find it on GitHub

Current State:

Maesh service mesh has officially changed its name to traefikmesh and has a new logo. The name and logo can be sourced from their site: traefikmesh

Desired State:

Swap out the name and logo with the new ones in the Service Mesh table on:


Contributor Resources
  • Meshery documentation site
  • Meshery documentation source
  • Instructions for contributing to documentation

24 Bug: Update Contents Section in the Readme

Find it on GitHub

Describe the bug

The Contents section in the Readme is currently incomplete

To Reproduce

Visible from the main repository page and [here](https://github.com/dotnetnotts/dotnetnotts-web/blob/main/README.md)

Reproduces how often:

Always

Expected behaviour

There should be a link per section of the Readme in the contents

Screenshots

N/A

25 HACKTOBERFEST 2020

Find it on GitHub

Hacktoberfest 2020

Hacktoberfest 2020 🎉

So, the festive season for OPEN SOURCE is back guys and we are here to help you contribute (and grab the swags :tada: ).

🗣 Hacktoberfest encourages participation in the open source community, which grows bigger every year. Complete the 2020 challenge and earn a limited edition T-shirt.

📢 Register here for Hacktoberfest and make four pull requests (PRs) between October 1st-31st to grab free SWAGS 🔥.



GOAL

To help you contribute to OPEN SOURCE REALM.

WHAT YOU NEED TO DO

  • Go and open README.
  • Follow the steps there :rocket: :tada:.



![Hacktoberfest2020](https://raw.githubusercontent.com/adityaarakeri/super-scripts/master/hacktoberfest2020.png)


26 HACKTOBERFEST 2020

Find it on GitHub

Hacktoberfest 2020

Hacktoberfest 2020 🎉

So, the festive season for OPEN SOURCE is back guys and we are here to help you contribute (and grab the swags 🔥 :tada: ).

🗣 Hacktoberfest encourages participation in the open source community, which grows bigger every year. Hacktoberfest is a good way to start your journey into open source.

As per the ethics of first-bit, you have to abide by just one RULE:

  • This project is for contributors who have never contributed before or are still starting out in Open Source. This project is committed to help first timers get started (not for people finding ways to complete their 4 PRs as formality), and people contributing should respect this commitment while they're here. Thanks.

📢 Register here for Hacktoberfest.



GOAL

To help you contribute to OPEN SOURCE REALM.

WHAT YOU NEED TO DO

  • Go and open README.
  • Follow the steps there :rocket: :tada:.



![Hacktoberfest2020](https://raw.githubusercontent.com/adityaarakeri/super-scripts/master/hacktoberfest2020.png)


27 Feature/frontend/website content

Find it on GitHub

Styled it as close as I could to the XD file specifications; for some reason the fonts in the XD file notes don't look the way the fonts look actually; the social media icons weren't provided



28 Add a query to get particular state data

Find it on GitHub

Add a query to fetch total confirmed, deceased and active COVID-19 cases for a given a state code.

Please check the API here.

29 Add a query to latest data for COVID-19 cases

Find it on GitHub

There is not any query for getting latest data, add a query to get data for current date.

```graphql
{
  latest {
    active
    confirmed
    deaths
    recovered
  }
}
```

30 Responsive UI

Find it on GitHub

Current UI is not responsive.

![image](https://user-images.githubusercontent.com/42978414/94316649-64413000-ffa2-11ea-8818-15e37e0e04e0.png)

In the mobile view the tab shifts to the right, so margins on both sides becomes unequal.

31 UI improvisation

Find it on GitHub

I think once the details of a faculty are displayed, the suggestions tab can be hidden, and can be displayed again once the user starts searching. What is your suggestion @vinitshahdeo ?

![image](https://user-images.githubusercontent.com/42978414/94316296-b766b300-ffa1-11ea-98c9-7c0f06017558.png)

32 List content overflows from the container

Find it on GitHub

The list of names displayed is not fitting in the container.

![image](https://user-images.githubusercontent.com/42978414/94315718-b6815180-ffa0-11ea-81e8-ab5013568a7e.png)

33 Some Mistakes in README.md

Find it on GitHub

Read the text and correct some misspelling and grammar mistakes.

Some errors identified:

Current: like a product of you e-commerce
Correction: like a product of your e-commerce

Current: There are 3 projects you can contribute to:
Correction: There are 2 projects you can contribute to:

34 Add organisations where you can donate money to plant trees

Find it on GitHub

Map organizations in your country where you can donate money to plant trees and save the world 🌳

35 I want to contribute

Find it on GitHub

Hey, I am quite a newbie to programming and this is the first time I am trying to contribute to an open-source project. I have experience with working on operational tasks for 6 months in a cloud telephony company.

36 Better document error handling in hooks

Find it on GitHub

Environment (please complete the following information):
  • WebdriverIO version: [e.g. 4.13.2]
  • Mode: testrunner
  • If WDIO Testrunner, running sync/async: sync & async
  • Node.js version: 12
  • Browser name and version: Chrome 85
  • Platform name and version: Windows 10

Describe the bug

I was having trouble with some tests when I realized that my onPrepare hook was throwing an error. The test still ran as usual but since my backend wasn't running, I was getting misleading errors.

To Reproduce

Add this hook to your config.

```js
onPrepare: async function (config, capabilities) {
    throw new Error("error")
}

// or

onPrepare: function (config, capabilities) {
    throw new Error("error")
}
```

Log

```
...
2020-09-25T10:57:13.724Z ERROR @wdio/cli:utils: Error in hook: Error: error
    at Object.onPrepare (C:\Development\anvajo datalab\test\config\wdio.conf.ts:251:13)
    at C:\Development\anvajo datalab\node_modules\@wdio\cli\build\utils.js:95:14
    at Array.map (<anonymous>)
    at runLauncherHook (C:\Development\anvajo datalab\node_modules\@wdio\cli\build\utils.js:93:27)
    at Launcher.run (C:\Development\anvajo datalab\node_modules\@wdio\cli\build\launcher.js:78:41)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
Starting ChromeDriver 85.0.4183.87 (cd6713ebf92fa1cacc0f1a598df280093af0c5d7-refs/branch-heads/4183@{#1689}) on port 9515
...
```

Expected behavior

An error in the onPrepare hook should abort the test.

37 Fix restaurant card mobile view

Find it on GitHub

In mobile view, the text inside the restaurant card overlaps.

38 Hacktoberfest 2020: Add some Awesome automation scripts

Find it on GitHub

Hacktoberfest 2020 🎉 🎉 🎉

https://hacktoberfest.digitalocean.com/

![Hacktoberfest2020](https://raw.githubusercontent.com/adityaarakeri/super-scripts/master/hacktoberfest2020.png)

GOAL

The goal of this issue is to submit as many 😎 Awesome 🎉 automation scripts as you can which have made your life easier

RULES

  • The scripts should be placed inside its own folder
  • Each script can have a readme
  • Script related files can be stored inside its folder
  • Please name your scripts appropriately
  • Scripts can be in any language
  • Any level of scripts are welcome
  • Please do not add binary files, PR will be rejected

39 Hacktoberfest2020: add interview questions that you have solved

Find it on GitHub

Hacktoberfest 2020 🎉🎉🎉

It's that time of the year, make PRs in here for your HacktoberFest contributions

https://hacktoberfest.digitalocean.com/ ![Hacktoberfest2020](https://raw.githubusercontent.com/adityaarakeri/super-scripts/master/hacktoberfest2020.png)

Goal

The entire goal of this issue is to get contributions from the open source community to curate a list of interview questions which are solved in Python(3.7 preferred)

Note

  • The interview questions can be of any level
  • Please do not submit duplicate questions (go through the code base and see if the problem you are submitting exists)
  • All questions should have solutions written in python 3.8
  • Add tests to test your algorithm inside the root test folder
  • View the existing tests for implementation
  • PR will be rejected if it does not follow the above rules

40 update site logo. clicking on it should take user back to home page;

Find it on GitHub

take updated logo from neha;

41 Add /choice endpoint description to README.md

Find it on GitHub

Following this issue comment https://github.com/bancodobrasil/stop-analyzing-api/issues/16#issuecomment-667519483, document the endpoint to get the next choice in the README.md

42 CVE-2020-15168 (Medium) detected in node-fetch-1.7.3.tgz

Find it on GitHub

CVE-2020-15168 - Medium Severity Vulnerability

Vulnerable Library - node-fetch-1.7.3.tgz

A light-weight module that brings window.fetch to node.js and io.js

Library home page: https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz

Path to dependency file: mycovidconnect/package.json

Path to vulnerable library: mycovidconnect/node_modules/node-fetch/package.json

Dependency Hierarchy:
  • react-google-maps-9.4.5.tgz (Root Library)
    • recompose-0.26.0.tgz
      • fbjs-0.8.17.tgz
        • isomorphic-fetch-2.2.1.tgz
          • :x: **node-fetch-1.7.3.tgz** (Vulnerable Library)

Found in HEAD commit: 3dacf50349ac32a7152cbf1b2f833e52e653fc42

Found in base branch: master

Vulnerability Details

node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.

Publish Date: 2020-09-10

URL: CVE-2020-15168

CVSS 3 Score Details (5.3)

Base Score Metrics:
  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r

Release Date: 2020-07-21

Fix Resolution: 2.6.1,3.0.0-beta.9



43 [DepShield] (CVSS 7.4) Vulnerability due to usage of lodash:4.17.19

Find it on GitHub

Vulnerabilities

DepShield reports that this application's usage of lodash:4.17.19 results in the following vulnerability(s):


Occurrences

lodash:4.17.19 is a transitive dependency introduced by the following direct dependency(s):

```
@testing-library/jest-dom:4.2.4
  └─ lodash:4.17.19

node-sass:4.14.1
  └─ gaze:1.1.3
    └─ globule:1.3.2
      └─ lodash:4.17.19
  └─ lodash:4.17.19
  └─ sass-graph:2.2.5
    └─ lodash:4.17.19

react-google-maps:9.4.5
  └─ lodash:4.17.19

react-scripts:3.4.3
  └─ @babel/core:7.9.0
    └─ @babel/helper-module-transforms:7.11.0
      └─ lodash:4.17.19
    └─ @babel/traverse:7.11.0
      └─ lodash:4.17.19
    └─ @babel/types:7.11.0
      └─ lodash:4.17.19
    └─ lodash:4.17.19
  └─ @svgr/webpack:4.3.3
    └─ @babel/preset-env:7.11.0
      └─ @babel/plugin-transform-classes:7.10.4
        └─ @babel/helper-define-map:7.10.5
          └─ lodash:4.17.19
      └─ @babel/plugin-transform-sticky-regex:7.10.4
        └─ @babel/helper-regex:7.10.5
          └─ lodash:4.17.19
  └─ @typescript-eslint/parser:2.34.0
    └─ @typescript-eslint/typescript-estree:2.34.0
      └─ lodash:4.17.19
  └─ eslint:6.8.0
    └─ inquirer:7.3.3
      └─ lodash:4.17.19
    └─ lodash:4.17.19
    └─ table:5.4.6
      └─ lodash:4.17.19
  └─ eslint-plugin-flowtype:4.6.0
    └─ lodash:4.17.19
  └─ html-webpack-plugin:4.0.0-beta.11
    └─ lodash:4.17.19
  └─ jest-environment-jsdom-fourteen:1.0.1
    └─ jsdom:14.1.0
      └─ request-promise-native:1.0.9
        └─ request-promise-core:1.1.4
          └─ lodash:4.17.19
  └─ optimize-css-assets-webpack-plugin:5.0.3
    └─ last-call-webpack-plugin:3.0.0
      └─ lodash:4.17.19
  └─ react-dev-utils:10.2.1
    └─ inquirer:7.0.4
      └─ lodash:4.17.19
  └─ webpack-dev-server:3.11.0
    └─ http-proxy-middleware:0.19.1
      └─ lodash:4.17.19
    └─ portfinder:1.0.28
      └─ async:2.6.3
        └─ lodash:4.17.19
  └─ webpack-manifest-plugin:2.2.0
    └─ lodash:4.17.19
```

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

44 [DepShield] (CVSS 7.4) Vulnerability due to usage of lodash.uniq:4.5.0

Find it on GitHub

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):


Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

```
react-scripts:3.4.3
  └─ optimize-css-assets-webpack-plugin:5.0.3
    └─ cssnano:4.1.10
      └─ cssnano-preset-default:4.0.7
        └─ postcss-merge-rules:4.0.3
          └─ caniuse-api:3.0.0
            └─ lodash.uniq:4.5.0
```

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

45 Add focus size factor for rectangular shape

Find it on GitHub

Add focusRectSizeFactor parameter for rectangle focus shape (like focusCircleRadiusFactor for circular). Default value should be 1.

46 Complement crawled data

Find it on GitHub

The result of the crawler made by @douglasferlini in #5 is a JSON array with the overall information of the dresses of La Fiancee. Now we need to get the details of the dresses and generate a more detailed JSON array.

To do so, you will read the attached JSON and make a request to the product API providing the urlPart in the following format:

```javascript
const productID = <urlPart_from_json_array>
await fetch("https://www.lafiancee.com.br/_api/wix-ecommerce-storefront-web/api", {
  "credentials": "include",
  "headers": {
    "Accept": "*/*",
    "Authorization": "brUTfgwc9eaqQ4m_KjbIkjnR-MRt9rGfCLGikGEPiRU.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",
    "Content-Type": "application/json; charset=utf-8",
  },
  // the slug is interpolated into the JSON body; the inner quotes around "en" are escaped so the body stays valid JSON
  "body": `{"query":"query getProductBySlug($externalId: String!, $slug: String!, $withPricePerUnit: Boolean!, $withCountryCodes: Boolean!) { appSettings(externalId: $externalId) { widgetSettings } catalog { product(slug: $slug, onlyVisible: true) { id description isVisible sku ribbon price comparePrice discountedPrice formattedPrice formattedComparePrice formattedDiscountedPrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) pricePerUnitData @include(if: $withPricePerUnit) { baseQuantity baseMeasurementUnit } seoTitle seoDescription createVersion digitalProductFileItems { fileId fileType fileName } productItems { price comparePrice formattedPrice formattedComparePrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) optionsSelections isVisible inventory { status quantity } sku weight surcharge subscriptionPlans { list { id price formattedPrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) } } } name isTrackingInventory inventory { status quantity } isVisible isManageProductItems isInStock media { id url fullUrl altText thumbnailFullUrl: fullUrl(width: 50, height: 50) mediaType videoType videoFiles { url width height format quality } width height index title } customTextFields { title isMandatory inputLimit } nextOptionsSelectionId options { title optionType selections { id value description linkedMediaItems { altText url fullUrl thumbnailFullUrl: fullUrl(width: 50, height: 50) mediaType width height index title videoFiles { url width height format quality } } } } productType urlPart additionalInfo { id title description index } subscriptionPlans { list(onlyVisible: true) { id name tagline frequency duration price formattedPrice pricePerUnit @include(if: $withPricePerUnit) formattedPricePerUnit @include(if: $withPricePerUnit) } oneTimePurchase { index } } discount { mode value } currency weight seoJson } } localeData(language: \"en\") @include(if: $withCountryCodes) { countries { key shortKey } } }","variables":{"slug":"${productID}","externalId":"","withPricePerUnit":true,"withCountryCodes":false},"source":"WixStoresWebClient","operationName":"getProductBySlug"}`,
  "method": "POST",
});
```

This request will return a JSON that has the product options with title and selections which will be the features.

With this enhanced JSON Array we can build the database to serve this data.

47 Create Login Controller

Find it on GitHub

The auth route and user model are being created. For now we will be focusing on local-strategy authentication using username & password. We are using passportjs with jsonwebtokens.

Login Controller

Once the passport-local strategy validates the user, this controller should just generate the jwt token and send it as the response. Also, just use the user._id to create the jwt.

signup controller

validate the username is unique, then generate the jwt token and send it as response.

48 Add pull request and issue templates

Find it on GitHub

Adding issue templates and pull request template will enhance the workflow of the repository.

Use the new form of ISSUE_TEMPLATE, i.e. making a folder ISSUE_TEMPLATE in .github and adding different types of .md files for different issues like bug.md, documentation.md and feature.md. A contributor can choose the type of template whenever they make an issue.

Reference: https://docs.github.com/en/github/building-a-strong-community/about-issue-and-pull-request-templates

49 Add GitHub actions

Find it on GitHub

Addition of GitHub Actions will help to enhance the code quality and workflow of the repository. Try to add ESLint and Prettier actions.

50 Highlight the text of stats

Find it on GitHub

Right now, the todoist readme stats are just in normal text format; they can be highlighted by using ``

Try to make in this format:

51 Migrate from DATABASE_URL environment variable to flag

Find it on GitHub

Currently the database connection information is read from an environment variable DATABASE_URL. To be more of a "Go thing", we could change it to be a flag --databaseURL instead of the environment var. In some scenarios, the env would be used as the value of the flag, like `--databaseURL=DATABASE_URL`, but that would not be mandatory.

52 [Installer] Add `yq` (for editing YAML configs)

Find it on GitHub

Add yq

https://github.com/mikefarah/yq

We want to add yq because it can make configuring config.yml files (such as alacritty's config file) much easier than writing custom code.

It's written in go, so it works consistently across Windows, Mac, and Linux.

This could be as simple as copying _example, updating the github releases info, and doing a find and replace on a few file system path names.

How to create a webi installer

![Video Tutorial: How to create a webi Installer](https://user-images.githubusercontent.com/122831/91064908-17f28100-e5ed-11ea-9cf0-ab3363cdf4f8.jpeg)

Skills required

  • Basic Command Line knowledge (mkdir, mv, ls, tar, unzip, variables)

Steps

  1. Clone and set up the webi packages repo: `git clone git@github.com:webinstall/packages.git`, then `pushd packages/` and `npm install`
  2. Copy the example template (`rsync -av ./_example/ ./yq/`) and update with info from Official Releases: https://github.com/mikefarah/yq/releases
    • [ ] update yq/release.js to use the official repo
    • [ ] Learn how yq unpacks (i.e. as a single file? as a .tar.gz? as a .tar.gz with a folder named yq?)
    • [ ] find and replace to change the name
      • [ ] update yq/install.sh (see bat and jq as examples)
      • [ ] update yq/install.ps1 (see bat and jq as examples)
  3. Needs an updated tagline and cheat sheet
    • [ ] update yq/README.md
      • [ ] official URL
      • [ ] tagline
      • [ ] Switch versions
      • [ ] description / summary
      • [ ] General pointers on usage (and perhaps "gotchas")

It's also okay to have multiple people work on part of this (i.e. the Cheat Sheet can be done independently from the install.sh)

53 Automate Copyright year update according to current year

Find it on GitHub

Find all the places where the copyright message is written and automate the copyright year update by replacing the manually written year with the {% now 'Y'%} template tag.

Also, do share a screenshot in the PR showing that it is working properly.

54 Wrong blue in a part of the nf-core ascii art

Find it on GitHub

I installed the dev tools yesterday, and I just noticed this morning that one part of the R does not have the same colour:

![nf-core_ascii](https://user-images.githubusercontent.com/1019628/93857555-0ae3b300-fcbb-11ea-8520-47bd7b2e4c13.png)

Here is the ascii art from Sarek, so probably not coming from a strange setting in my terminal:

![sarek_ascii](https://user-images.githubusercontent.com/1019628/93857910-a07f4280-fcbb-11ea-8069-2ac9b4a75b41.png)

55 [Docs] Add Meshery Release v0.4.2 to Release page

Find it on GitHub

Desired State: The Releases page needs the v0.4.2 release and release notes added.

The v0.4.2 release notes are here - https://github.com/layer5io/meshery/releases/tag/v0.4.2


Contributor Resources

  • Meshery documentation site
  • Meshery documentation source
  • Instructions for contributing to documentation

56 I want to contribute!

Find it on GitHub

I am Vaibhav Kashera, studying at the International Institute of Information Technology, Hyderabad (IIIT-H). My past experience includes creating an Android application in a team with Flutter and Firebase, which can be viewed here. I am comfortable working in C, C++, JS, Python3, Django, and Dart. I also have a fair amount of exposure to web development (Bootstrap, JS, Django). I would like to contribute to this repository to kick off my work in open source.

57 [Hacktoberfest] UI Improvements

Find it on GitHub

Kindly come up with an eye-catching layout for the homepage (i.e. index.html)

  • Feel free to play with fonts/colors in CSS files.
  • Do not make any changes to js/app.js.
  • Make sure that the business logic (i.e. fetching news) doesn't break.
  • Update CSS to have a better News card.

![Screenshot 2020-09-19 at 5 58 55 PM](https://user-images.githubusercontent.com/20594326/93667439-73f0de00-faa3-11ea-918e-15b38640b203.png)

PS - I don't have any wireframe in my mind; if you come up with one, please comment on this thread.

58 Add Date published in News Card

Find it on GitHub

The News Card does not display the date published for the News article. Add date in News Card.

![Screenshot 2020-09-19 at 5 58 55 PM](https://user-images.githubusercontent.com/20594326/93667279-57a07180-faa2-11ea-947f-7ba44fb225b7.png)

59 Sort news on the basis of popularity and Date published

Find it on GitHub

In the current web app, users can filter the news on the basis of source, but there is no way to filter the recent or popular news.

The idea is to sort the news in the following orders:

  • Date published
  • Relevancy to search keyword
  • Popularity of source

![Screenshot 2020-09-19 at 5 58 55 PM](https://user-images.githubusercontent.com/20594326/93667233-d2b55800-faa1-11ea-9069-b6a90d827107.png)

Find the API Documentation here.

60 Remove repositories that are not participating in Hacktoberfest 2020 from the list.

Find it on GitHub

This is a really good task for beginners, you can help this awesome list by checking the repositories list.

If you find a repository that:

  • Is not available anymore
  • Is not being maintained anymore (11+ months of inactivity)
  • Is not accepting pull requests anymore for hacktoberfest 2020
  • Is "only to add your name", or something that's clearly an attempt to simply +1 your pull request count for October

You can make a pull request removing one or more of these repositories.

61 Find projects that are beginners friendly and add to this awesome list for Hacktoberfest 2020

Find it on GitHub

Welcome to Hacktoberfest 2020! 🎉

62 CVE-2018-1324 (Medium) detected in commons-compress-1.12.jar

Find it on GitHub

CVE-2018-1324 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.12.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.12/84caa68576e345eb5e7ae61a0e5a9229eb100d7b/commons-compress-1.12.jar

Dependency Hierarchy:

  • lint-gradle-27.0.1 (Root Library)
    • sdk-common-27.0.1.jar
      • sdklib-27.0.1.jar
        • :x: **commons-compress-1.12.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Publish Date: 2018-03-16

URL: CVE-2018-1324

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1324

Release Date: 2018-03-16

Fix Resolution: 1.16


Step up your Open Source Security Game with WhiteSource here

63 CVE-2018-1000180 (High) detected in bcprov-jdk15on-1.56.jar

Find it on GitHub

CVE-2018-1000180 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.56.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

Library home page: http://www.bouncycastle.org/java.html

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy:

  • lint-gradle-27.0.1 (Root Library)
    • builder-4.0.1.jar
      • apkzlib-4.0.1.jar
        • :x: **bcprov-jdk15on-1.56.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Publish Date: 2018-06-05

URL: CVE-2018-1000180

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180

Release Date: 2018-06-05

Fix Resolution: org.bouncycastle:bcprov-jdk15on:1.60,org.bouncycastle:bcprov-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk15on:1.60


64 CVE-2018-1000613 (High) detected in bcprov-jdk15on-1.56.jar

Find it on GitHub

CVE-2018-1000613 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.56.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

Library home page: http://www.bouncycastle.org/java.html

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy:

  • lint-gradle-27.0.1 (Root Library)
    • builder-4.0.1.jar
      • apkzlib-4.0.1.jar
        • :x: **bcprov-jdk15on-1.56.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appears to be exploitable via a handcrafted private key that includes references to unexpected classes, which will be picked up from the class path of the executing application. This vulnerability appears to have been fixed in 1.60 and later.

Publish Date: 2018-07-09

URL: CVE-2018-1000613

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613

Release Date: 2018-07-09

Fix Resolution: org.bouncycastle:bcprov-ext-debug-jdk15on:1.60,org.bouncycastle:bcprov-debug-jdk15on:1.60,org.bouncycastle:bcprov-debug-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk14:1.60,org.bouncycastle:bcprov-ext-jdk15on:1.60,org.bouncycastle:bcprov-jdk14:1.60,org.bouncycastle:bcprov-jdk15on:1.60


65 CVE-2018-11771 (Medium) detected in commons-compress-1.12.jar

Find it on GitHub

CVE-2018-11771 - Medium Severity Vulnerability

Vulnerable Library - commons-compress-1.12.jar

Apache Commons Compress software defines an API for working with compression and archive formats. These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.12/84caa68576e345eb5e7ae61a0e5a9229eb100d7b/commons-compress-1.12.jar

Dependency Hierarchy:

  • lint-gradle-27.0.1 (Root Library)
    • sdk-common-27.0.1.jar
      • sdklib-27.0.1.jar
        • :x: **commons-compress-1.12.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Publish Date: 2018-08-16

URL: CVE-2018-11771

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771

Release Date: 2018-08-16

Fix Resolution: 1.18


66 WS-2019-0379 (Medium) detected in commons-codec-1.10.jar

Find it on GitHub

WS-2019-0379 - Medium Severity Vulnerability

Vulnerable Library - commons-codec-1.10.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/commons-codec/commons-codec/1.10/4b95f4897fa13f2cd904aee711aeafc0c5295cd8/commons-codec-1.10.jar

Dependency Hierarchy:

  • room-compiler-2.2.5.jar (Root Library)
    • :x: **commons-codec-1.10.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Apache commons-codec before version “commons-codec-1.13-RC1” is vulnerable to information disclosure due to Improper Input validation.

Publish Date: 2019-05-20

URL: WS-2019-0379

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/apache/commons-codec/commit/48b615756d1d770091ea3322eefc08011ee8b113

Release Date: 2019-05-12

Fix Resolution: 1.13-RC1


67 CVE-2019-17359 (High) detected in bcprov-jdk15on-1.56.jar

Find it on GitHub

CVE-2019-17359 - High Severity Vulnerability

Vulnerable Library - bcprov-jdk15on-1.56.jar

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

Library home page: http://www.bouncycastle.org/java.html

Path to dependency file: android-mycovidconnect/app/build.gradle.kts

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar

Dependency Hierarchy:

  • lint-gradle-27.0.1 (Root Library)
    • builder-4.0.1.jar
      • apkzlib-4.0.1.jar
        • :x: **bcprov-jdk15on-1.56.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.

Publish Date: 2019-10-08

URL: CVE-2019-17359

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17359

Release Date: 2019-10-08

Fix Resolution: org.bouncycastle:bcprov-jdk15on:1.64


68 CVE-2018-10237 (Medium) detected in guava-23.5-jre.jar

Find it on GitHub

CVE-2018-10237 - Medium Severity Vulnerability

Vulnerable Library - guava-23.5-jre.jar

Guava is a suite of core and expanded libraries that include utility classes, Google's collections, I/O classes, and much more.

Library home page: https://github.com/google/guava

Path to dependency file: android-mycovidconnect/data/build.gradle.kts

Path to vulnerable library: /tmp/ws-ua_20200917114631_PFMIKB/downloadResource_JKICCP/20200917115258/guava-23.5-jre.jar

Dependency Hierarchy:

  • room-compiler-2.2.5.jar (Root Library)
    • auto-common-0.10.jar
      • :x: **guava-23.5-jre.jar** (Vulnerable Library)

Found in HEAD commit: 5c4b3e8c21b6fd83ac6f2c88296dc4d04242f7d1

Found in base branch: master

Vulnerability Details

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Publish Date: 2018-04-26

URL: CVE-2018-10237

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-10237

Release Date: 2018-04-26

Fix Resolution: 24.1.1-jre, 24.1.1-android


69 Get ready for Hacktoberfest 2020 | Submit 4 PRs to earn a T-shirt

Find it on GitHub

![hacktoberfest 2020](https://raw.githubusercontent.com/vinitshahdeo/Water-Monitoring-System/master/assets/Logo.svg)

Hello :wave:

It’s that time of year again when we come together to support and celebrate the open source technologies we use and love. To help you celebrate Hacktoberfest 2020, I have opened a few issues for #CodeNewbie folks, and a few are good ones for JS developers to take. Please check this.

Check all the issues with hacktoberfest label for this repo here.

Check out the repo below for beginner-friendly (first-timers-only) issues which are up for grabs.

![Hacktoberfest2020](https://github-readme-stats.vercel.app/api/pin/?username=vinitshahdeo&repo=Hacktoberfest2020)

I'll be adding a few more beginner-friendly issues; star (watch) this repo.

🤗

Vinit

![Open Source Love](https://badges.frapsoft.com/os/v2/open-source.svg?v=103)

70 [Project] Service Mesh Interface: text alignment

Find it on GitHub

Description

The text on the Service Mesh Interface project is center-aligned (see screenshot).

Expected Behavior

This text should be left-aligned.

Screenshots


Contributor Resources

The layer5 repo contains two websites: the current generation and the next generation of the layer5.io site.

If the layer5-ng label is absent on this issue, then this issue pertains to the current generation of the layer5.io website, which uses Jekyll and GitHub Pages. Site content is found under the master branch.

  • See layer5 contributing instructions

If the layer5-ng label is present on this issue, then this issue pertains to the next generation of the layer5.io website, which uses Gatsby, Strapi, and GitHub Pages. Site content is found under the layer5-ng branch.

  • See layer5-ng contributing instructions

71 Welcome to Hacktoberfest 2020

Find it on GitHub

![hacktoberfest 2020](https://raw.githubusercontent.com/vinitshahdeo/Water-Monitoring-System/master/assets/Logo.svg)

Hello :wave:

It’s that time of year again when we come together to support and celebrate the open source technologies we use and love. To help you celebrate Hacktoberfest 2020, I have opened a few issues for #CodeNewbie folks, and a few are good ones for JS developers to take. Please check this.

Check out the repo below for beginner-friendly | first-timers-only issues which are up for grabs.

![Hacktoberfest2020](https://github-readme-stats.vercel.app/api/pin/?username=vinitshahdeo&repo=Hacktoberfest2020)

I'll be adding a few more beginner-friendly issues; follow me (@vinitshahdeo) for more updates. Star (watch) this repo.

🤗

Vinit

![Open Source Love](https://badges.frapsoft.com/os/v2/open-source.svg?v=103)

72 [chore] Add updated meeting links to the readme

Find it on GitHub

Description

Replace the respective Zoom links for all the Layer5 meetings with the redirected links in the Readme, for example:

Layer5 community meeting: https://meet.layer5.io/community

The redirected links have been updated in the Layer5 community calendar and can be sourced from there.


Contributor Resources

The layer5 repo contains two websites: the current generation and the next generation of the layer5.io site.

If the layer5-ng label is absent on this issue, then this issue pertains to the current generation of the layer5.io website, which uses Jekyll and GitHub Pages. Site content is found under the master branch.

  • See layer5 contributing instructions

If the layer5-ng label is present on this issue, then this issue pertains to the next generation of the layer5.io website, which uses Gatsby, Strapi, and GitHub Pages. Site content is found under the layer5-ng branch.

  • See layer5-ng contributing instructions

73 I want to contribute

Find it on GitHub

Hi, I recently learned full stack development using MERN stack. Here is a link to the website I recently made for my college tech fest.

I want to start contributing to open source and I am also preparing for GSOC next year. Please help me out.

Thanks in advance

74 I want to contribute

Find it on GitHub

Hi! I am pursuing my Bachelor's degree in Software Engineering and am looking for a project to contribute to so that I can learn new things and improve my skills.

My education mainly focused on Java, C++. The other focus of my education is web applications, so I'm pretty comfortable with CSS, HTML, and currently learning Javascript.

75 Fixing Title in Github Pages (gh-pages)

Find it on GitHub

Fixing the Title in Github Pages. In smaller screen sizes, the title doesn't show up properly.

Requirement

Fix the title so that the entire name is shown. After forking this repository, head over to the gh-pages branch, commit your changes and send a PR!

76 Update readme.md

Find it on GitHub

🆕🐥☝ First Timers Only.

This issue is reserved for people who never contributed to Open Source before. We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

About First Timers Only.

🤔 What you will need to know.

Nothing. This issue is meant to welcome you to Open Source :) We are happy to walk you through the process.

📋 Step by Step

  • [ ] 🙋 Claim this issue: Comment below.

Once claimed we add you as contributor to this repository.

  • [ ] 👌 Accept our invitation to this repository. Once accepted, assign yourself to this issue

  • [ ] 📝 Update the file readme.md in the Hacktober-2020 repository (press the little pen icon) and edit the line as shown below.

```diff @@ -1,6 +1,6 @@ ![Open Source Love](https://badges.frapsoft.com/os/v1/open-source.svg?v=103) ![License: MIT](https://img.shields.io/badge/License-MIT-green.svg) -![Pull Request Merged](https://img.shields.io/github/issues-pr-closed/godslayer201/Hacktober-2020) +

# First Contribution

```
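Review bot: the `+` line that replaces `-![Pull Request Merged](https://img.shields.io/github/issues-pr-closed/godslayer201/Hacktober-2020)` carries no content, so as quoted the hunk only drops the badge and leaves an empty line in its place; the `@@ -1,6 +1,6 @@` header is consistent with a one-for-one line replacement, so if a replacement badge was intended the `+` line should carry it, and otherwise the step text ("edit the line as shown below") should state that the badge line is simply removed.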

  • [ ] 💾 Commit your changes

  • [ ] 🔀 Start a Pull Request. There are two ways how you can start a pull request:

  1. If you are familiar with the terminal or would like to learn it, here is a great tutorial on how to send a pull request using the terminal.

  2. You can edit files directly in your browser

  • [ ] 🏁 Done: ask in the comments for a review :)

🤔❓ Questions

Leave a comment below!

This issue was created by First-Timers-Bot.

77 Add yourself!

Find it on GitHub

Learn to contribute to open source!

78 Add instagram worthy captions

Find it on GitHub

Please check the "How to contribute" section in the readme file to contribute to this repo!

79 Add readme for dynamic programming

Find it on GitHub

Refer to the comments on https://github.com/SiddharthaAnand/datastructures/issues/40

80 I want to contribute

Find it on GitHub

Hi! I recently finished my Bachelor's degree in Software Engineering and am looking for a project to contribute to so that I can learn new things and improve my skills.

My education mainly focused on OOP concepts and languages such as Python, Java, C++, but I've also taken a scripting class so I'm familiar with BASH and PERL. The other focus of my education was web applications, so I'm pretty comfortable with JavaScript, CSS, and HTML.

81 show map results radially outwards

Find it on GitHub

The hospitals near me will be at the top of the results page, so distances will be radially outwards, in ascending order.

82 [Installer] Add shfmt

Find it on GitHub

Add shfmt

We want to add shfmt because...

  • Prettier doesn't handle bash scripts
  • shfmt does
    • also uses some existing style guidelines well (i.e. Google's bash guidelines)

This could be as simple as copying _example, updating the github releases info, and doing a find and replace on a few file system path names.

Special note

shfmt is a "bare naked" release, so it follows the special mv rule mentioned in the .sh and .ps1 comments and in the video.

How to create a webi installer

![Video Tutorial: How to create a webi Installer](https://user-images.githubusercontent.com/122831/91064908-17f28100-e5ed-11ea-9cf0-ab3363cdf4f8.jpeg)

Skills required

  • Basic Command Line knowledge (mkdir, mv, ls, tar, unzip, variables)

Steps

  1. Clone and set up the webi packages repo:

```bash
git clone git@github.com:webinstall/packages.git
pushd packages/
npm install
```

  2. Copy the example template and update it with info from the official releases: https://github.com/mvdan/sh/releases

```bash
rsync -av _example/ shfmt/
```

    • [ ] update shfmt/release.js to use the official repo
    • [ ] shfmt is a bare-naked release, so it follows the special mv rule mentioned in the tutorial video
      • see jq, gitea, and comrak as examples of this
    • [ ] find and replace to change the name
      • [ ] update shfmt/install.sh (see jq as an example)
      • [ ] update shfmt/install.ps1 (see jq as an example)
  3. Needs an updated tagline and cheat sheet
    • [ ] update shfmt/README.md
      • [ ] official URL
      • [ ] tagline
      • [ ] Switch versions
      • [ ] description / summary
      • [ ] General pointers on usage (and perhaps "gotchas")

It's also okay to have multiple people work on part of this (i.e. the Cheat Sheet can be done independently from the install.sh)

Note to self (related)

Should be able to use this with vim-autoformat:

  • https://vimawesome.com/plugin/vim-autoformat

83 Browser with countermeasures: <Brave Private Window with Tor>

Find it on GitHub

Browser Name and website

I am not entirely sure whether this issue has already been raised.

So I tried following the steps in my Brave browser, but when I was asked to open a private browser window, I used a private window with Tor. I never got past this first page; it kept trying to verify that I am human.

![Screenshot 2020-09-10 at 01 06 54](https://user-images.githubusercontent.com/26186206/92666982-a1e75d00-f302-11ea-9398-9d03c1f8ff6e.png)

Version - Brave Version 1.13.82 Chromium: 85.0.4183.83 (Official Build) (64-bit)

Operating System used - macOS

Operating Systems supported

Notes

84 Update README

Find it on GitHub

  • [x] Add some relevant images.

  • [x] Add/Explain some steps on Contributing.

  • [x] Make it more readable.

85 I want to contribute!

Find it on GitHub

Hi! I'm new to open source contributions and would love to contribute to this project 😄. I have experience in React, TypeScript, HTML and CSS.

Accidentally created an issue on the wrong account but closed it

86 CVE-2019-18797 (Medium) detected in opennms-opennms-source-24.1.2-1

Find it on GitHub

CVE-2019-18797 - Medium Severity Vulnerability

Vulnerable Library - opennms-opennms-source-24.1.2-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerable Source Files (1)

mycovidconnect/node_modules/node-sass/src/libsass/src/eval.cpp

Vulnerability Details

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Publish Date: 2019-11-06

URL: CVE-2019-18797

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797

Release Date: 2019-11-06

Fix Resolution: LibSass - 3.6.3


87 CVE-2018-11697 (High) detected in proyector-movil-proyector-movil-windows, CSS::Sass-v3.4.11

Find it on GitHub

CVE-2018-11697 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11697

CVSS 3 Score Details (8.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11697

Release Date: 2019-09-01

Fix Resolution: LibSass - 3.6.0


88 CVE-2018-20821 (Medium) detected in multiple libraries

Find it on GitHub

CVE-2018-20821 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:

  • :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20821

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20821

Release Date: 2019-04-23

Fix Resolution: LibSass - 3.6.0



89 CVE-2018-20190 (Medium) detected in multiple libraries

Find it on GitHub

CVE-2018-20190 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-17

URL: CVE-2018-20190

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20190

Release Date: 2018-12-17

Fix Resolution: LibSass - 3.6.0



90 CVE-2018-19839 (Medium) detected in node-sass-4.14.1.tgz, CSS::Sass-v3.4.11

Find it on GitHub

CVE-2018-19839 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.

Publish Date: 2018-12-04

URL: CVE-2018-19839

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839

Release Date: 2018-12-04

Fix Resolution: Libsass:3.6.0



91 CVE-2018-19827 (High) detected in node-sass-4.14.1.tgz, opennms-opennms-source-24.1.2-1

Find it on GitHub

CVE-2018-19827 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-12-03

URL: CVE-2018-19827

CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/pull/2784

Release Date: 2019-08-29

Fix Resolution: LibSass - 3.6.0



92 CVE-2018-11694 (High) detected in node-sass-4.14.1.tgz, proyector-movil-proyector-movil-windows

Find it on GitHub

CVE-2018-11694 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

Publish Date: 2018-06-04

URL: CVE-2018-11694

CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11694

Release Date: 2018-06-04

Fix Resolution: LibSass - 3.6.0



93 CVE-2019-6286 (Medium) detected in opennms-opennms-source-22.0.1-1, node-sass-4.14.1.tgz

Find it on GitHub

CVE-2019-6286 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.

Publish Date: 2019-01-14

URL: CVE-2019-6286

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6286

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0



94 CVE-2019-6284 (Medium) detected in opennms-opennms-source-22.0.1-1, node-sass-4.14.1.tgz

Find it on GitHub

CVE-2019-6284 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6284

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0



95 CVE-2019-6283 (Medium) detected in opennms-opennms-source-22.0.1-1, node-sass-4.14.1.tgz

Find it on GitHub

CVE-2019-6283 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.

Publish Date: 2019-01-14

URL: CVE-2019-6283

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6284

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0



96 CVE-2018-20822 (Medium) detected in opennms-opennms-source-22.0.1-1

Find it on GitHub

CVE-2018-20822 - Medium Severity Vulnerability

Vulnerable Library - opennms-opennms-source-22.0.1-1

A Java based fault and performance management system

Library home page: https://sourceforge.net/projects/opennms/

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerable Source Files (1)

mycovidconnect/node_modules/node-sass/src/libsass/src/ast.hpp

Vulnerability Details

LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).

Publish Date: 2019-04-23

URL: CVE-2018-20822

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20822

Release Date: 2019-08-06

Fix Resolution: LibSass - 3.6.0; node-sass - 4.13.1



97 CVE-2018-19838 (Medium) detected in opennms-opennms-source-22.0.1-1, node-sass-4.14.1.tgz

Find it on GitHub

CVE-2018-19838 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().

Publish Date: 2018-12-04

URL: CVE-2018-19838

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/sass/libsass/blob/3.6.0/src/ast.cpp

Release Date: 2019-07-01

Fix Resolution: LibSass - 3.6.0



98 CVE-2018-19797 (Medium) detected in opennms-opennms-source-22.0.1-1, node-sass-4.14.1.tgz

Find it on GitHub

CVE-2018-19797 - Medium Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::SelectorList::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.

Publish Date: 2018-12-03

URL: CVE-2018-19797

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19797

Release Date: 2018-12-03

Fix Resolution: libsass-3.6.0



99 CVE-2018-11698 (High) detected in opennms-opennms-source-22.0.1-1, node-sass-4.14.1.tgz

Find it on GitHub

CVE-2018-11698 - High Severity Vulnerability

Vulnerable Libraries - node-sass-4.14.1.tgz

node-sass-4.14.1.tgz

Wrapper around libsass

Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.14.1.tgz

Path to dependency file: /tmp/ws-scm/mycovidconnect/package.json

Path to vulnerable library: /mycovidconnect/node_modules/node-sass/package.json

Dependency Hierarchy:
- :x: **node-sass-4.14.1.tgz** (Vulnerable Library)

Found in HEAD commit: 904c592ca134c67a95183f05f52ab8f2c0153488

Vulnerability Details

An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

Publish Date: 2018-06-04

URL: CVE-2018-11698

CVSS 3 Score Details (8.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-11698

Release Date: 2018-06-04

Fix Resolution: Libsass-3.6.0



100 CVE-2018-11499 (High) detected in opennms-opennms-source-22.0.1-1, proyector-movil-proyector-movil-windows

Find it on GitHub

CVE-2018-11499 - High Severity Vulnerability

Vulnerable Libraries -

Vulnerability Details

A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

Publish Date: 2018-05-26

URL: CVE-2018-11499

CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11499

Release Date: 2018-05-26

Fix Resolution: LibSass - 3.6.0

