altereagle/arc.app-example

Showing 75 of 75 total issues

debug Regular Expression Denial of Service
Open

        "debug": {
          "version": "2.6.8",
          "bundled": true,
          "dev": true,
          "optional": true,
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low severity issue.

Recommendation:

Upgrade to version 2.6.9 or greater if you are on the 2.6.x series, or to 3.1.0 or greater.

slug Regular Expression Denial of Service
Open

    "slug": {
      "version": "0.9.1",
      "resolved": "https://registry.npmjs.org/slug/-/slug-0.9.1.tgz",
      "integrity": "sha1-rwj2CKfBFRa2F3iqgA3OhMUYz9o=",
      "requires": {
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

slug is a module to slugify strings, even if they contain unicode.

slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds.

Recommendation:

There is currently no fix for this issue. Consider submitting a pull request for this issue.

tough-cookie Regular Expression Denial of Service
Open

        "tough-cookie": {
          "version": "2.3.2",
          "bundled": true,
          "dev": true,
          "optional": true,
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

The tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.

Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option, the default header max length is 80kb, so the impact of the ReDoS is limited to around 7.3 seconds of blocking.

At the time of writing, all versions <=2.3.2 are vulnerable.

Recommendation:

Please update to version 2.3.3 or greater

Heading (h1) has already been defined.
Open

h1 {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

#jump_to, #jump_page {
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

#jump_to, #jump_wrapper {
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

  ul.sections > li > div.content {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

#jump_page {
Severity: Minor
Found in docs/docco.css by csslint

Outlines should only be modified using :focus.
Open

a:active,

The property -moz-appearance is compatible with -webkit-appearance and should be included as well.
Open

    -webkit-appearance: button; /* 2 */

Values of 0 shouldn't have units specified.
Open

  margin: 15px 0 0px;
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

  .annotation pre {
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

  .pilwrap {
Severity: Minor
Found in docs/docco.css by csslint

Missing standard property 'border-bottom-left-radius' to go along with '-moz-border-radius-bottomleft'.
Open

  -webkit-border-bottom-left-radius: 5px; -moz-border-radius-bottomleft: 5px;
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

#jump_page .source {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

  #container {
Severity: Minor
Found in docs/docco.css by csslint

Element (span.lineno) is overqualified, just use .lineno without element name.
Open

span.lineno { background-color: #f0f0f0; padding: 0 5px 0 5px; }
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

h1, h2, h3, h4, h5, h6 {
Severity: Minor
Found in docs/docco.css by csslint

The box-sizing property isn't supported in IE6 and IE7.
Open

  box-sizing: border-box;         /* css3 */
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

  #jump_to a.large {
Severity: Minor
Found in docs/docco.css by csslint