altereagle/arc

Showing 91 of 91 total issues

tough-cookie Regular Expression Denial of Service
Open

        "tough-cookie": {
          "version": "2.3.2",
          "bundled": true,
          "dev": true,
          "optional": true,
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

The tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slowdown of around 2 seconds.

Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option, the default header max length is 80kb, so the impact of the ReDoS is limited to around 7.3 seconds of blocking.

At the time of writing, all versions <= 2.3.2 are vulnerable.

Recommendation:

Please update to version 2.3.3 or greater.

debug Regular Expression Denial of Service
Open

        "debug": {
          "version": "2.6.8",
          "bundled": true,
          "dev": true,
          "optional": true,
Severity: Minor
Found in package-lock.json by nodesecurity

Regular Expression Denial of Service

Overview:

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds, making this a low-severity issue.

Recommendation:

Upgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater.

Rule doesn't have all its properties in alphabetical order.
Open

#jump_to, #jump_wrapper {
Severity: Minor
Found in docs/docco.css by csslint

2 IDs in the selector, really?
Open

#jump_to:hover #jump_wrapper {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

  #jump_page .source {
Severity: Minor
Found in docs/docco.css by csslint

Element (span.lineno) is overqualified, just use .lineno without element name.
Open

span.lineno { background-color: #f0f0f0; padding: 0 5px 0 5px; }
Severity: Minor
Found in docs/docco.css by csslint

Unqualified attribute selectors are known to be slow.
Open

[hidden] {

Don't use IDs in selectors.
Open

#jump_to a {
Severity: Minor
Found in docs/docco.css by csslint

Outlines should only be modified using :focus.
Open

a:active,

The box-sizing property isn't supported in IE6 and IE7.
Open

    box-sizing: border-box; /* 1 */

Rule doesn't have all its properties in alphabetical order.
Open

@font-face {
Severity: Minor
Found in docs/docco.css by csslint

Heading (h2) has already been defined.
Open

h2 {
Severity: Minor
Found in docs/docco.css by csslint

Missing standard property 'box-shadow' to go along with '-webkit-box-shadow'.
Open

  -webkit-box-shadow: 0 0 25px #777; -moz-box-shadow: 0 0 25px #777;
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

#jump_wrapper {
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

  .sections blockquote p {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

#jump_page {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

#jump_to, #jump_wrapper {
Severity: Minor
Found in docs/docco.css by csslint

Rule doesn't have all its properties in alphabetical order.
Open

hr {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

#jump_to, #jump_wrapper {
Severity: Minor
Found in docs/docco.css by csslint

Don't use IDs in selectors.
Open

  #container {
Severity: Minor
Found in docs/docco.css by csslint