Closed DafneM closed 3 months ago
# npm audit report
bootstrap <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader
9 vulnerabilities (3 moderate, 6 high)
To address all issues (including breaking changes), run:
npm audit fix --force
# npm audit report
bootstrap <=3.4.0
Severity: moderate
bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-ph58-4vrj-w6hr
XSS vulnerability that affects bootstrap - https://github.com/advisories/GHSA-3mgp-fx93-9xv5
Bootstrap Vulnerable to Cross-Site Scripting - https://github.com/advisories/GHSA-9v3m-8fp8-mj99
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-4p24-vmcr-4gqj
Bootstrap vulnerable to Cross-Site Scripting (XSS) - https://github.com/advisories/GHSA-3wqf-4x89-9g79
Bootstrap Cross-site Scripting vulnerability - https://github.com/advisories/GHSA-7mvr-5x2g-wfc8
fix available via `npm audit fix --force`
Will install bootstrap@3.4.1, which is outside the stated dependency range
node_modules/bootstrap
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
react-scripts >=2.1.4
Depends on vulnerable versions of @svgr/webpack
Depends on vulnerable versions of resolve-url-loader
node_modules/react-scripts
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install react-scripts@3.0.1, which is a breaking change
node_modules/resolve-url-loader/node_modules/postcss
resolve-url-loader 0.0.1-experiment-postcss || 3.0.0-alpha.1 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/resolve-url-loader
ws 7.0.0 - 7.5.9 || 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/webpack-dev-server/node_modules/ws
node_modules/ws
10 vulnerabilities (3 moderate, 7 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Hello World!
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Vulnerability: A09
Description: there are no log files that record user activity, nor warnings or messages about the actions performed.
Impact: the absence of logs eliminates traceability, making it harder to identify suspicious authentications and attacks on the application, and prevents retroactive auditing.
Suggested fixes: 1) Add log files with history; 2) Add files that record failed logins, including date and time; 3) Add files that record the actions performed by users in the system, with identification, date and time; 4) Add alert messages and detailed error messages for the user.
Vulnerability: A07
Description: when registering a user, the application does not require a minimum password standard, allowing weak passwords to be created.
Impact: a weak password can easily be discovered by an attacker through brute-force attacks.
Suggested fixes: require minimum password standards from the user, with uppercase and lowercase letters, at least one number, special characters and adequate length.
Issue: resolves tcc-lucas-dafne/tcc-password-manager#60
Description
The goal of this PR is to generate the results analysis of the repository for the TCC.