From 1779a9d83396393b156d642a6f279c70a8d6c272 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 9 Jan 2024 00:04:53 +0000 Subject: [PATCH 01/10] Create techstack.yml --- techstack.yml | 425 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) create mode 100644 techstack.yml diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 00000000..334913d5 --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,425 @@ +repo_name: stackshareio/oauth2 +report_id: 836058b419846f0806076d18bd0a0091 +version: 0.1 +repo_type: Public +timestamp: '2024-01-09T00:04:51+00:00' +requested_by: anvox +provider: github +branch: master +detected_tools_count: 24 +tools: +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2014-07-09 08:03:00.000000000 Z +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + version: 2.7.0 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/.ruby-version + detection_source: Repo Metadata + last_updated_by: Peter Boling + last_updated_on: 2020-01-29 02:19:50.000000000 Z +- name: Bundler + description: 'A consistent environment for tracking and installing gems and versions ' + website_url: http://bundler.io + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/2988/4e77LXIo_400x400.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 03:54:35.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control 
system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/stackshareio/oauth2 + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: '3.0' + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-01-26 08:40:04.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2014-07-09 08:03:00.000000000 Z +- name: Travis CI + description: A hosted continuous integration service for open source and private + projects + website_url: http://travis-ci.com/ + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/460/Lu6cGu0z_400x400.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/.travis.yml + detection_source: ".travis.yml" + last_updated_by: Erik Michaels-Ober + last_updated_on: 2012-03-13 13:59:45.000000000 Z +- name: npm + description: The package manager for JavaScript. 
+ website_url: https://www.npmjs.com/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-22 05:20:38.000000000 Z +- name: Shell + description: A shell is a text-based terminal, used for manipulating programs and + files. Shell scripts typically manage program execution. + website_url: https://en.wikipedia.org/wiki/Shell_script + open_source: false + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png + detection_source_url: https://github.com/stackshareio/oauth2 + detection_source: Repo Metadata +- name: addressable + description: Addressable is an alternative implementation to the URI implementation + that is part of Ruby's standard library + package_url: https://rubygems.org/addressable + version: '2.3' + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18870/default_63d360ffaa27bed91e2b067fb467407b5c9da0ed.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-19 02:23:05.000000000 Z + vulnerabilities: + - name: Regular Expression Denial of Service in Addressable templates + cve_id: CVE-2021-32740 + cve_url: https://github.com/advisories/GHSA-jxhc-q857-3j6g + detected_date: Aug 22 + severity: high + first_patched: 2.8.0 +- name: backports + description: Essential backports that enable many of the nice features of Ruby for + earlier versions + package_url: 
https://rubygems.org/backports + version: '3.11' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19159/default_c8270617b11a0e0bb186cecf4527f28719105688.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-19 02:23:05.000000000 Z +- name: byebug + description: Byebug is a Ruby debugger + package_url: https://rubygems.org/byebug + license: BSD-2-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18849/default_887cb273c504fac90d07fc552b7b223fbb32ca39.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 15:24:01.000000000 Z +- name: coveralls + description: A Ruby implementation of the Coveralls API + package_url: https://rubygems.org/coveralls + version: '0.8' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18833/default_8c2fa81d8b8e48c679685199823ce30d598d3e87.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2018-10-13 12:17:19.000000000 Z +- name: faraday + description: HTTP/REST API client library + package_url: https://rubygems.org/faraday + version: '0.8' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18835/default_0e382579c2f0564abd86ba662410379f1d623a9c.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + 
detection_source: oauth2.gemspec + last_updated_by: Yuri S + last_updated_on: 2019-07-16 20:21:20.000000000 Z +- name: jwt + description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token + package_url: https://rubygems.org/jwt + version: '1.0' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18991/default_e5e3569d4beb5d51f9ce87c88e8b44a2308e087b.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-22 05:20:38.000000000 Z +- name: multi_json + description: A common interface to multiple JSON libraries + package_url: https://rubygems.org/multi_json + version: '1.3' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18851/default_b87d202e13d56f87c63181fa49bc5e099c9abaac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-12-30 19:35:25.000000000 Z +- name: multi_xml + description: Provides swappable XML backends utilizing LibXML + package_url: https://rubygems.org/multi_xml + version: '0.5' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19050/default_76e060fe9703f2b60ce4bc4f9e2633d27597740f.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-12-30 19:35:25.000000000 Z + vulnerabilities: + - name: Improper Input Validation in multi_xml + cve_id: CVE-2013-0175 + cve_url: https://github.com/advisories/GHSA-pchc-949f-53m5 + 
detected_date: Aug 22 + severity: high + first_patched: 0.5.2 +- name: pry + description: An IRB alternative and runtime developer console + package_url: https://rubygems.org/pry + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18815/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Erik Michaels-Ober + last_updated_on: 2010-10-11 19:25:45.000000000 Z +- name: pry-byebug + description: Combine 'pry' with 'byebug' + package_url: https://rubygems.org/pry-byebug + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18848/default_1c2935fa69cec14d38adad302e002464101cd71f.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 15:24:01.000000000 Z +- name: rack + description: Rack provides a minimal, modular and adaptable interface for developing + web applications in Ruby + package_url: https://rubygems.org/rack + version: '1.2' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18839/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Orien Madgwick + last_updated_on: 2019-10-05 00:34:30.000000000 Z + vulnerabilities: + - name: Possible shell escape sequence injection vulnerability in Rack + cve_id: CVE-2022-30123 + cve_url: https://github.com/advisories/GHSA-wq4h-7r42-5hrr + detected_date: May 28 + severity: critical + first_patched: 2.0.9.1 + - name: Rack has 
possible DoS Vulnerability in Multipart MIME parsing + cve_id: CVE-2023-27530 + cve_url: https://github.com/advisories/GHSA-3h57-hmj3-gj3p + detected_date: Mar 9 + severity: high + first_patched: 2.0.9.3 + - name: Rack allows Percent-encoded cookies to overwrite existing prefixed cookie + names + cve_id: CVE-2020-8184 + cve_url: https://github.com/advisories/GHSA-j6w9-fv6q-3q52 + detected_date: Aug 22 + severity: high + first_patched: 2.1.4 + - name: Denial of Service Vulnerability in Rack Multipart Parsing + cve_id: CVE-2022-30122 + cve_url: https://github.com/advisories/GHSA-hxqx-xwvh-44m2 + detected_date: May 28 + severity: high + first_patched: 2.0.9.1 + - name: Directory traversal in Rack::Directory app bundled with Rack + cve_id: CVE-2020-8161 + cve_url: https://github.com/advisories/GHSA-5f9h-9pjv-v6j7 + detected_date: Aug 22 + severity: high + first_patched: 2.1.3 + - name: Moderate severity vulnerability that affects rack + cve_id: + cve_url: https://github.com/advisories/GHSA-9vc2-p34x-jhxh + detected_date: Aug 22 + severity: moderate + first_patched: 1.4.6 + - name: Possible Information Leak / Session Hijack Vulnerability in Rack + cve_id: CVE-2019-16782 + cve_url: https://github.com/advisories/GHSA-hrqr-hxpp-chr3 + detected_date: Aug 22 + severity: moderate + first_patched: 1.6.12 + - name: Rack vulnerable to Denial of Service + cve_id: CVE-2013-0184 + cve_url: https://github.com/advisories/GHSA-v882-ccj6-jc48 + detected_date: Mar 9 + severity: moderate + first_patched: 1.2.7 + - name: Rack vulnerable to Cross-site Scripting + cve_id: CVE-2018-16471 + cve_url: https://github.com/advisories/GHSA-5r2p-j47h-mhpg + detected_date: Aug 22 + severity: moderate + first_patched: 1.6.11 + - name: Rack arbitrary code execution via timing attack + cve_id: CVE-2013-0263 + cve_url: https://github.com/advisories/GHSA-xc85-32mf-xpv8 + detected_date: Jun 18 + severity: moderate + first_patched: 1.2.8 + - name: Rack Gem Subject to Denial of Service via Hash Collisions + 
cve_id: CVE-2011-5036 + cve_url: https://github.com/advisories/GHSA-v6j3-7jrw-hq2p + detected_date: Mar 28 + severity: moderate + first_patched: 1.2.5 + - name: Rack vulnerable to REDoS + cve_id: CVE-2012-6109 + cve_url: https://github.com/advisories/GHSA-h77x-m5q8-c29h + detected_date: Aug 22 + severity: moderate + first_patched: 1.2.6 +- name: rake + description: Rake is a Make-like program implemented in Ruby + package_url: https://rubygems.org/rake + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 09:35:41.000000000 Z +- name: rdoc + description: RDoc produces HTML and command-line documentation for Ruby projects + package_url: https://rubygems.org/rdoc + version: '5.0' + license: Ruby + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18829/default_ba8d7756589e5fc0164687950e3f091b32554546.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-25 20:48:17.000000000 Z + vulnerabilities: + - name: Arbitrary Code Execution in Rdoc + cve_id: CVE-2021-31799 + cve_url: https://github.com/advisories/GHSA-ggxm-pgc9-g7fp + detected_date: Sep 2 + severity: high + first_patched: 6.1.2.1 +- name: simplecov + description: Code coverage for Ruby 1.9+ with a powerful configuration library and + automatic merging of coverage across test suites + package_url: https://rubygems.org/simplecov + version: '0.9' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems 
Packages + image_url: https://img.stackshare.io/package/18819/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2018-10-13 12:17:19.000000000 Z +- name: wwtd + description: Travis simulator so you do not need to wait for the build + package_url: https://rubygems.org/wwtd + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19205/default_33c8326f97a56642e8765668fc1ba3bfeb911247.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-24 03:06:11.000000000 Z From 9783debdacad6be3eacc4a3d9613a8c1b5de2316 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Tue, 9 Jan 2024 00:04:54 +0000 Subject: [PATCH 02/10] Create techstack.md --- techstack.md | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 techstack.md diff --git a/techstack.md b/techstack.md new file mode 100644 index 00000000..1b1d03b6 --- /dev/null +++ b/techstack.md @@ -0,0 +1,154 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [stackshareio/oauth2](https://github.com/stackshareio/oauth2)![](https://img.stackshare.io/public_badge.svg "public") +

+|24
Tools used|01/09/24
Report generated| +|------|------| +
+ +## Languages (2) + + + + + + +
+ JavaScript +
+ JavaScript +
+ +
+ Ruby +
+ Ruby +
+ v2.7.0 +
+ +## DevOps (6) + + + + + + + + + + + + + + +
+ Bundler +
+ Bundler +
+ +
+ Git +
+ Git +
+ +
+ RSpec +
+ RSpec +
+ v3.0 +
+ RubyGems +
+ RubyGems +
+ +
+ Travis CI +
+ Travis CI +
+ +
+ npm +
+ npm +
+ +
+ +## Other (1) + + + + +
+ Shell +
+ Shell +
+ +
+ + +## Open source packages (15) + +## RubyGems (15) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[addressable](https://rubygems.org/addressable)|v2.3|01/19/18|Peter Boling |Apache-2.0|[CVE-2021-32740](https://github.com/advisories/GHSA-jxhc-q857-3j6g) (High)| +|[backports](https://rubygems.org/backports)|v3.11|01/19/18|Peter Boling |MIT|N/A| +|[byebug](https://rubygems.org/byebug)|N/A|10/01/19|Peter Boling |BSD-2-Clause|N/A| +|[coveralls](https://rubygems.org/coveralls)|v0.8|10/13/18|Peter Boling |MIT|N/A| +|[faraday](https://rubygems.org/faraday)|v0.8|07/16/19|Yuri S |MIT|N/A| +|[jwt](https://rubygems.org/jwt)|v1.0|04/22/10|Michael Bleigh |MIT|N/A| +|[multi_json](https://rubygems.org/multi_json)|v1.3|12/30/13|Erik Michaels-Ober |MIT|N/A| +|[multi_xml](https://rubygems.org/multi_xml)|v0.5|12/30/13|Erik Michaels-Ober |MIT|[CVE-2013-0175](https://github.com/advisories/GHSA-pchc-949f-53m5) (High)| +|[pry](https://rubygems.org/pry)|N/A|10/11/10|Erik Michaels-Ober |MIT|N/A| +|[pry-byebug](https://rubygems.org/pry-byebug)|N/A|10/01/19|Peter Boling |MIT|N/A| +|[rack](https://rubygems.org/rack)|v1.2|10/05/19|Orien Madgwick |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7) (High)
[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh) (Moderate)
[CVE-2019-16782](https://github.com/advisories/GHSA-hrqr-hxpp-chr3) (Moderate)
[CVE-2013-0184](https://github.com/advisories/GHSA-v882-ccj6-jc48) (Moderate)
[CVE-2018-16471](https://github.com/advisories/GHSA-5r2p-j47h-mhpg) (Moderate)
[CVE-2013-0263](https://github.com/advisories/GHSA-xc85-32mf-xpv8) (Moderate)
[CVE-2011-5036](https://github.com/advisories/GHSA-v6j3-7jrw-hq2p) (Moderate)
[CVE-2012-6109](https://github.com/advisories/GHSA-h77x-m5q8-c29h) (Moderate)| +|[rake](https://rubygems.org/rake)|N/A|10/01/19|Peter Boling |MIT|N/A| +|[rdoc](https://rubygems.org/rdoc)|v5.0|01/25/18|Peter Boling |Ruby|[CVE-2021-31799](https://github.com/advisories/GHSA-ggxm-pgc9-g7fp) (High)| +|[simplecov](https://rubygems.org/simplecov)|v0.9|10/13/18|Peter Boling |MIT|N/A| +|[wwtd](https://rubygems.org/wwtd)|N/A|01/24/18|Peter Boling |MIT|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) From d6c0249467630a8936ee1689ed74f643512e7bcb Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 15 Feb 2024 18:30:03 +0000 Subject: [PATCH 03/10] Update techstack.yml --- techstack.yml | 156 ++++++++------------------------------------------ 1 file changed, 23 insertions(+), 133 deletions(-) diff --git a/techstack.yml b/techstack.yml index 334913d5..98b80d2f 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,26 +1,13 @@ repo_name: stackshareio/oauth2 -report_id: 836058b419846f0806076d18bd0a0091 +report_id: bcf313b6535fd07102148b97feb96e5f version: 0.1 repo_type: Public -timestamp: '2024-01-09T00:04:51+00:00' +timestamp: '2024-02-15T18:30:00+00:00' requested_by: anvox provider: github branch: master -detected_tools_count: 24 +detected_tools_count: 17 tools: -- name: JavaScript - description: Lightweight, interpreted, object-oriented language with first-class - functions - website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript - open_source: true - hosted_saas: false - category: Languages & Frameworks - sub_category: Languages - image_url: https://img.stackshare.io/service/1209/javascript.jpeg - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Erik Michaels-Ober - last_updated_on: 2014-07-09 08:03:00.000000000 Z - name: Ruby description: A dynamic, interpreted, open source programming language with a focus on simplicity and productivity 
@@ -35,8 +22,19 @@ tools: detection_source: Repo Metadata last_updated_by: Peter Boling last_updated_on: 2020-01-29 02:19:50.000000000 Z +- name: Shell + description: A shell is a text-based terminal, used for manipulating programs and + files. Shell scripts typically manage program execution. + website_url: https://en.wikipedia.org/wiki/Shell_script + open_source: false + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png + detection_source_url: https://github.com/stackshareio/oauth2 + detection_source: Repo Metadata - name: Bundler - description: 'A consistent environment for tracking and installing gems and versions ' + description: A consistent environment for tracking and installing gems and versions website_url: http://bundler.io open_source: false hosted_saas: false 
@@ -96,66 +94,19 @@ tools: detection_source: ".travis.yml" last_updated_by: Erik Michaels-Ober last_updated_on: 2012-03-13 13:59:45.000000000 Z -- name: npm - description: The package manager for JavaScript. - website_url: https://www.npmjs.com/ - open_source: false - hosted_saas: false - category: Build, Test, Deploy - sub_category: Front End Package Manager - image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Michael Bleigh - last_updated_on: 2010-04-22 05:20:38.000000000 Z -- name: Shell - description: A shell is a text-based terminal, used for manipulating programs and - files. Shell scripts typically manage program execution. - website_url: https://en.wikipedia.org/wiki/Shell_script - open_source: false - hosted_saas: false - category: Languages & Frameworks - sub_category: Languages - image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png - detection_source_url: https://github.com/stackshareio/oauth2 - detection_source: Repo Metadata -- name: addressable - description: Addressable is an alternative implementation to the URI implementation - that is part of Ruby's standard library - package_url: https://rubygems.org/addressable - version: '2.3' - license: Apache-2.0 - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/18870/default_63d360ffaa27bed91e2b067fb467407b5c9da0ed.png - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Peter Boling - last_updated_on: 2018-01-19 02:23:05.000000000 Z - vulnerabilities: - - name: Regular Expression Denial of Service in Addressable templates - cve_id: CVE-2021-32740 - cve_url: https://github.com/advisories/GHSA-jxhc-q857-3j6g - 
detected_date: Aug 22 - severity: high - first_patched: 2.8.0 -- name: backports - description: Essential backports that enable many of the nice features of Ruby for - earlier versions - package_url: https://rubygems.org/backports - version: '3.11' +- name: Rake + description: A software task management and build automation tool + website_url: https://github.com/ruby/rake license: MIT open_source: true hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/19159/default_c8270617b11a0e0bb186cecf4527f28719105688.png + category: Application Utilities + sub_category: Task Management + image_url: https://ucarecdn.com/79629173-de2d-4cdf-8509-6d1411b382e7/ detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec detection_source: oauth2.gemspec - last_updated_by: Peter Boling - last_updated_on: 2018-01-19 02:23:05.000000000 Z + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-22 05:20:38.000000000 Z - name: byebug description: Byebug is a Ruby debugger package_url: https://rubygems.org/byebug @@ -197,20 +148,6 @@ tools: detection_source: oauth2.gemspec last_updated_by: Yuri S last_updated_on: 2019-07-16 20:21:20.000000000 Z -- name: jwt - description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token - package_url: https://rubygems.org/jwt - version: '1.0' - license: MIT - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/18991/default_e5e3569d4beb5d51f9ce87c88e8b44a2308e087b.png - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Michael Bleigh - last_updated_on: 2010-04-22 05:20:38.000000000 Z - name: multi_json description: A common interface to multiple JSON libraries package_url: https://rubygems.org/multi_json 
@@ -225,27 +162,6 @@ tools: detection_source: oauth2.gemspec last_updated_by: Erik Michaels-Ober last_updated_on: 2013-12-30 19:35:25.000000000 Z -- name: multi_xml - description: Provides swappable XML backends utilizing LibXML - package_url: https://rubygems.org/multi_xml - version: '0.5' - license: MIT - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/19050/default_76e060fe9703f2b60ce4bc4f9e2633d27597740f.png - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Erik Michaels-Ober - last_updated_on: 2013-12-30 19:35:25.000000000 Z - vulnerabilities: - - name: Improper Input Validation in multi_xml - cve_id: CVE-2013-0175 - cve_url: https://github.com/advisories/GHSA-pchc-949f-53m5 - detected_date: Aug 22 - severity: high - first_patched: 0.5.2 - name: pry description: An IRB alternative and runtime developer console package_url: https://rubygems.org/pry @@ -361,19 +277,6 @@ tools: detected_date: Aug 22 severity: moderate first_patched: 1.2.6 -- name: rake - description: Rake is a Make-like program implemented in Ruby - package_url: https://rubygems.org/rake - license: MIT - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Peter Boling - last_updated_on: 2019-10-01 09:35:41.000000000 Z - name: rdoc description: RDoc produces HTML and command-line documentation for Ruby projects package_url: https://rubygems.org/rdoc 
@@ -410,16 +313,3 @@ tools: detection_source: Gemfile last_updated_by: Peter Boling last_updated_on: 2018-10-13 12:17:19.000000000 Z -- name: wwtd - description: Travis simulator so you do not need to wait for the build - package_url: https://rubygems.org/wwtd - license: MIT - open_source: true - hosted_saas: false - category: Libraries - sub_category: RubyGems Packages - image_url: https://img.stackshare.io/package/19205/default_33c8326f97a56642e8765668fc1ba3bfeb911247.png - detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec - detection_source: oauth2.gemspec - last_updated_by: Peter Boling - last_updated_on: 2018-01-24 03:06:11.000000000 Z From 453e5ae8bcf6a6e484388785b5c190f22ea6652f Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Thu, 15 Feb 2024 18:30:04 +0000 Subject: [PATCH 04/10] Update techstack.md --- techstack.md | 50 ++++++++++++++++++-------------------------------- 1 file changed, 18 insertions(+), 32 deletions(-) diff --git a/techstack.md b/techstack.md index 1b1d03b6..d7c0a8ac 100644 --- a/techstack.md +++ b/techstack.md @@ -4,11 +4,11 @@ stackshareio/oauth2 is built on the following main stack: - [Ruby](https://www.ruby-lang.org) – Languages -- [JavaScript](https://developer.mozilla.org/en-US/docs/Web/JavaScript) – Languages -- [RSpec](https://rspec.info/) – Testing Frameworks +- [Shell](https://en.wikipedia.org/wiki/Shell_script) – Languages - [Bundler](http://bundler.io) – Front End Package Manager -- [Shell](https://en.wikipedia.org/wiki/Shell_script) – Shells +- [RSpec](https://rspec.info/) – Testing Frameworks - [Travis CI](http://travis-ci.com/) – Continuous Integration +- [Rake](https://github.com/ruby/rake) – Task Management Full tech stack [here](/techstack.md) 
@@ -19,11 +19,11 @@ Full tech stack [here](/techstack.md) stackshareio/oauth2 is built on the following main stack: - Ruby [Ruby](https://www.ruby-lang.org) – Languages -- JavaScript [JavaScript](https://developer.mozilla.org/en-US/docs/Web/JavaScript) – Languages -- RSpec [RSpec](https://rspec.info/) – Testing Frameworks +- Shell [Shell](https://en.wikipedia.org/wiki/Shell_script) – Languages - Bundler [Bundler](http://bundler.io) – Front End Package Manager -- Shell [Shell](https://en.wikipedia.org/wiki/Shell_script) – Shells +- RSpec [RSpec](https://rspec.info/) – Testing Frameworks - Travis CI [Travis CI](http://travis-ci.com/) – Continuous Integration +- Rake [Rake](https://github.com/ruby/rake) – Task Management Full tech stack [here](/techstack.md) @@ -34,32 +34,32 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/oauth2](https://github.com/stackshareio/oauth2)![](https://img.stackshare.io/public_badge.svg "public")

-|24
Tools used|01/09/24
Report generated| +|17
Tools used|02/15/24
Report generated| |------|------|
## Languages (2)
- JavaScript + Ruby
- JavaScript + Ruby
- + v2.7.0
- Ruby + Shell
- Ruby + Shell
- v2.7.0 +
-## DevOps (6) +## DevOps (5) - -
Bundler @@ -101,23 +101,15 @@ Full tech stack [here](/techstack.md) - npm -
- npm -
- -
## Other (1) @@ -126,27 +118,21 @@ Full tech stack [here](/techstack.md)
- Shell + Rake
- Shell + Rake
-## Open source packages (15) +## Open source packages (9) -## RubyGems (15) +## RubyGems (9) |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| |:------|:------|:------|:------|:------|:------| -|[addressable](https://rubygems.org/addressable)|v2.3|01/19/18|Peter Boling |Apache-2.0|[CVE-2021-32740](https://github.com/advisories/GHSA-jxhc-q857-3j6g) (High)| -|[backports](https://rubygems.org/backports)|v3.11|01/19/18|Peter Boling |MIT|N/A| |[byebug](https://rubygems.org/byebug)|N/A|10/01/19|Peter Boling |BSD-2-Clause|N/A| |[coveralls](https://rubygems.org/coveralls)|v0.8|10/13/18|Peter Boling |MIT|N/A| |[faraday](https://rubygems.org/faraday)|v0.8|07/16/19|Yuri S |MIT|N/A| -|[jwt](https://rubygems.org/jwt)|v1.0|04/22/10|Michael Bleigh |MIT|N/A| |[multi_json](https://rubygems.org/multi_json)|v1.3|12/30/13|Erik Michaels-Ober |MIT|N/A| -|[multi_xml](https://rubygems.org/multi_xml)|v0.5|12/30/13|Erik Michaels-Ober |MIT|[CVE-2013-0175](https://github.com/advisories/GHSA-pchc-949f-53m5) (High)| |[pry](https://rubygems.org/pry)|N/A|10/11/10|Erik Michaels-Ober |MIT|N/A| |[pry-byebug](https://rubygems.org/pry-byebug)|N/A|10/01/19|Peter Boling |MIT|N/A| |[rack](https://rubygems.org/rack)|v1.2|10/05/19|Orien Madgwick |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7) (High)
[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh) (Moderate)
[CVE-2019-16782](https://github.com/advisories/GHSA-hrqr-hxpp-chr3) (Moderate)
[CVE-2013-0184](https://github.com/advisories/GHSA-v882-ccj6-jc48) (Moderate)
[CVE-2018-16471](https://github.com/advisories/GHSA-5r2p-j47h-mhpg) (Moderate)
[CVE-2013-0263](https://github.com/advisories/GHSA-xc85-32mf-xpv8) (Moderate)
[CVE-2011-5036](https://github.com/advisories/GHSA-v6j3-7jrw-hq2p) (Moderate)
[CVE-2012-6109](https://github.com/advisories/GHSA-h77x-m5q8-c29h) (Moderate)| -|[rake](https://rubygems.org/rake)|N/A|10/01/19|Peter Boling |MIT|N/A| |[rdoc](https://rubygems.org/rdoc)|v5.0|01/25/18|Peter Boling |Ruby|[CVE-2021-31799](https://github.com/advisories/GHSA-ggxm-pgc9-g7fp) (High)| |[simplecov](https://rubygems.org/simplecov)|v0.9|10/13/18|Peter Boling |MIT|N/A| -|[wwtd](https://rubygems.org/wwtd)|N/A|01/24/18|Peter Boling |MIT|N/A|
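Review bot: The commit message "Update techstack.md" gives no reason for this report shrinking from 24 to 17 tools: the `@@ -4,11` and `@@ -19,11` hunks drop JavaScript and move Shell from "Shells" to "Languages", the DevOps section loses npm (6 to 5), and the RubyGems table goes from 15 rows to 9 by deleting addressable, backports, jwt, multi_xml, rake and wwtd. Neither detection source (oauth2.gemspec, Gemfile) is touched anywhere in this series, and PATCH 07/08 restore every one of those entries two weeks later, so this reads as detection churn rather than a real dependency change. Two of the deleted rows are the only ones apart from rack and rdoc that carry advisories (addressable with CVE-2021-32740, multi_xml with CVE-2013-0175), so the 02/15/24 report silently under-reports known-vulnerable dependencies. Suggest the bot either skip the commit or state the cause in the message when the inputs it scans have not changed.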
From e7f538f74d97806b4686e6e1dfa72f153d447166 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 16 Feb 2024 00:20:43 +0000 Subject: [PATCH 05/10] Update techstack.yml --- techstack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techstack.yml b/techstack.yml index 98b80d2f..3893a23d 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,8 +1,8 @@ repo_name: stackshareio/oauth2 -report_id: bcf313b6535fd07102148b97feb96e5f +report_id: 17269c3879018616a805b10241b60e8b version: 0.1 repo_type: Public -timestamp: '2024-02-15T18:30:00+00:00' +timestamp: '2024-02-16T00:20:41+00:00' requested_by: anvox provider: github branch: master From cf45a141af37500c08d8de4ed92548fca64fdb2c Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 16 Feb 2024 00:20:44 +0000 Subject: [PATCH 06/10] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index d7c0a8ac..b5724c8e 100644 --- a/techstack.md +++ b/techstack.md @@ -34,7 +34,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/oauth2](https://github.com/stackshareio/oauth2)![](https://img.stackshare.io/public_badge.svg "public")

-|17
Tools used|02/15/24
Report generated| +|17
Tools used|02/16/24
Report generated| |------|------|
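Review bot: Both commits here are content-free: PATCH 05 changes only `report_id` and `timestamp` in techstack.yml, and this hunk changes only the "Report generated" date in techstack.md from 02/15/24 to 02/16/24 while the tool count stays at 17. Regenerating and committing a report whose detected tools are unchanged adds noise to the history and to `git blame`; suggest the bot diff the new report against the previous one with `report_id` and `timestamp` ignored, and commit only when a tool, version or vulnerability entry actually changed.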
From 5f6cd447e0094b8fde94758b3b8d062a550d4df0 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 1 Mar 2024 20:35:17 +0000 Subject: [PATCH 07/10] Update techstack.yml --- techstack.yml | 186 +++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 154 insertions(+), 32 deletions(-) diff --git a/techstack.yml b/techstack.yml index 3893a23d..d7b2eccb 100644 --- a/techstack.yml +++ b/techstack.yml @@ -1,13 +1,26 @@ repo_name: stackshareio/oauth2 -report_id: 17269c3879018616a805b10241b60e8b +report_id: 4e52b82bcacfc75957e1ac32558a3d04 version: 0.1 repo_type: Public -timestamp: '2024-02-16T00:20:41+00:00' +timestamp: '2024-03-01T20:35:15+00:00' requested_by: anvox provider: github branch: master -detected_tools_count: 17 +detected_tools_count: 24 tools: +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2014-07-09 08:03:00.000000000 Z - name: Ruby description: A dynamic, interpreted, open source programming language with a focus on simplicity and productivity 
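Review bot: This hunk reverses PATCH 04, taking `detected_tools_count` from 17 back to 24 and re-adding the JavaScript entry PATCH 04 removed, again without any change to the scanned sources in this series. Two things to check before merging: whether the detector is deterministic at all, since the same inputs produced 24, then 17, then 24 tools across three runs; and whether the JavaScript entry is genuine, because its `detection_source` is `oauth2.gemspec`, a Ruby gem specification, with a `last_updated_on` of 2014, and what in a gemspec would trigger a JavaScript detection is not evident from the diff. Suggest verifying it against the repository before the entry is published.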
@@ -22,17 +35,6 @@ tools: detection_source: Repo Metadata last_updated_by: Peter Boling last_updated_on: 2020-01-29 02:19:50.000000000 Z -- name: Shell - description: A shell is a text-based terminal, used for manipulating programs and - files. Shell scripts typically manage program execution. - website_url: https://en.wikipedia.org/wiki/Shell_script - open_source: false - hosted_saas: false - category: Languages & Frameworks - sub_category: Languages - image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png - detection_source_url: https://github.com/stackshareio/oauth2 - detection_source: Repo Metadata - name: Bundler description: A consistent environment for tracking and installing gems and versions website_url: http://bundler.io 
@@ -94,19 +96,66 @@ tools: detection_source: ".travis.yml" last_updated_by: Erik Michaels-Ober last_updated_on: 2012-03-13 13:59:45.000000000 Z -- name: Rake - description: A software task management and build automation tool - website_url: https://github.com/ruby/rake - license: MIT - open_source: true +- name: npm + description: The package manager for JavaScript. + website_url: https://www.npmjs.com/ + open_source: false hosted_saas: false - category: Application Utilities - sub_category: Task Management - image_url: https://ucarecdn.com/79629173-de2d-4cdf-8509-6d1411b382e7/ + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec detection_source: oauth2.gemspec last_updated_by: Michael Bleigh last_updated_on: 2010-04-22 05:20:38.000000000 Z +- name: Shell + description: A shell is a text-based terminal, used for manipulating programs and + files. Shell scripts typically manage program execution. 
+ website_url: https://en.wikipedia.org/wiki/Shell_script + open_source: false + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png + detection_source_url: https://github.com/stackshareio/oauth2 + detection_source: Repo Metadata +- name: addressable + description: Addressable is an alternative implementation to the URI implementation + that is part of Ruby's standard library + package_url: https://rubygems.org/addressable + version: '2.3' + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18870/default_63d360ffaa27bed91e2b067fb467407b5c9da0ed.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-19 02:23:05.000000000 Z + vulnerabilities: + - name: Regular Expression Denial of Service in Addressable templates + cve_id: CVE-2021-32740 + cve_url: https://github.com/advisories/GHSA-jxhc-q857-3j6g + detected_date: Aug 22 + severity: high + first_patched: 2.8.0 +- name: backports + description: Essential backports that enable many of the nice features of Ruby for + earlier versions + package_url: https://rubygems.org/backports + version: '3.11' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19159/default_c8270617b11a0e0bb186cecf4527f28719105688.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-19 02:23:05.000000000 Z - name: byebug description: Byebug is a Ruby debugger package_url: https://rubygems.org/byebug 
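Review bot: The `- name: npm` block that replaces Rake at the top of this hunk has the same doubtful provenance as JavaScript: `detection_source: oauth2.gemspec`, `last_updated_by: Michael Bleigh`, `last_updated_on: 2010-04-22`, i.e. a JavaScript package manager attributed to a 2010 edit of a Ruby gemspec. Please confirm this is not a false positive before it lands in the published stack. Separately, the Shell block deleted in the previous hunk is re-inserted here unchanged after npm, so a reorder shows up as a delete plus an insert; writing `tools:` in a stable sort order would keep such moves out of the diff. For the re-added addressable entry, `version: '2.3'` is taken from the gemspec, and gemspecs declare version requirements rather than pinned versions, while `first_patched: 2.8.0` is a concrete release; the comparison that decides whether CVE-2021-32740 applies should be made against a resolved version, not the declared requirement. `detected_date: Aug 22` also carries no year, so it cannot be ordered against the `timestamp` field.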
@@ -148,6 +197,20 @@ tools: detection_source: oauth2.gemspec last_updated_by: Yuri S last_updated_on: 2019-07-16 20:21:20.000000000 Z +- name: jwt + description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token + package_url: https://rubygems.org/jwt + version: '1.0' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18991/default_e5e3569d4beb5d51f9ce87c88e8b44a2308e087b.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-22 05:20:38.000000000 Z - name: multi_json description: A common interface to multiple JSON libraries package_url: https://rubygems.org/multi_json @@ -162,6 +225,27 @@ tools: detection_source: oauth2.gemspec last_updated_by: Erik Michaels-Ober last_updated_on: 2013-12-30 19:35:25.000000000 Z +- name: multi_xml + description: Provides swappable XML backends utilizing LibXML + package_url: https://rubygems.org/multi_xml + version: '0.5' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19050/default_76e060fe9703f2b60ce4bc4f9e2633d27597740f.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-12-30 19:35:25.000000000 Z + vulnerabilities: + - name: Improper Input Validation in multi_xml + cve_id: CVE-2013-0175 + cve_url: https://github.com/advisories/GHSA-pchc-949f-53m5 + detected_date: Aug 22 + severity: high + first_patched: 0.5.2 - name: pry description: An IRB alternative and runtime developer console package_url: https://rubygems.org/pry 
@@ -235,12 +319,12 @@ tools: detected_date: Aug 22 severity: high first_patched: 2.1.3 - - name: Moderate severity vulnerability that affects rack - cve_id: - cve_url: https://github.com/advisories/GHSA-9vc2-p34x-jhxh - detected_date: Aug 22 + - name: Rack arbitrary code execution via timing attack + cve_id: CVE-2013-0263 + cve_url: https://github.com/advisories/GHSA-xc85-32mf-xpv8 + detected_date: Jun 18 severity: moderate - first_patched: 1.4.6 + first_patched: 1.2.8 - name: Possible Information Leak / Session Hijack Vulnerability in Rack cve_id: CVE-2019-16782 cve_url: https://github.com/advisories/GHSA-hrqr-hxpp-chr3 @@ -259,12 +343,12 @@ tools: detected_date: Aug 22 severity: moderate first_patched: 1.6.11 - - name: Rack arbitrary code execution via timing attack - cve_id: CVE-2013-0263 - cve_url: https://github.com/advisories/GHSA-xc85-32mf-xpv8 - detected_date: Jun 18 + - name: Moderate severity vulnerability that affects rack + cve_id: + cve_url: https://github.com/advisories/GHSA-9vc2-p34x-jhxh + detected_date: Aug 22 severity: moderate - first_patched: 1.2.8 + first_patched: 1.4.6 - name: Rack Gem Subject to Denial of Service via Hash Collisions cve_id: CVE-2011-5036 cve_url: https://github.com/advisories/GHSA-v6j3-7jrw-hq2p 
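Review bot: Both hunks here are pure reordering: the "Rack arbitrary code execution via timing attack" entry (CVE-2013-0263) and the "Moderate severity vulnerability that affects rack" entry (GHSA-9vc2-p34x-jhxh) swap positions in the rack `vulnerabilities:` list with no field changed. That is a 12-line diff carrying no information, and it will recur whenever the upstream advisory feed returns results in a different order; sort the entries by a stable key (the advisory URL, or `cve_id` with a fallback to the URL when it is blank) before writing the file. The swapped GHSA-9vc2-p34x-jhxh entry also still has an empty `cve_id:` and a generic name, which is what produces the blank-text `[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh)` link in techstack.md.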
@@ -277,6 +361,31 @@ tools: detected_date: Aug 22 severity: moderate first_patched: 1.2.6 + - name: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) + cve_id: CVE-2024-25126 + cve_url: https://github.com/advisories/GHSA-22f2-v57c-j9cx + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 + - name: Rack Header Parsing leads to Possible Denial of Service Vulnerability + cve_id: CVE-2024-26146 + cve_url: https://github.com/advisories/GHSA-54rr-7fvw-6x8f + detected_date: Feb 29 + severity: low + first_patched: 2.0.9.4 +- name: rake + description: Rake is a Make-like program implemented in Ruby + package_url: https://rubygems.org/rake + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 09:35:41.000000000 Z - name: rdoc description: RDoc produces HTML and command-line documentation for Ruby projects package_url: https://rubygems.org/rdoc @@ -313,3 +422,16 @@ tools: detection_source: Gemfile last_updated_by: Peter Boling last_updated_on: 2018-10-13 12:17:19.000000000 Z +- name: wwtd + description: Travis simulator so you do not need to wait for the build + package_url: https://rubygems.org/wwtd + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19205/default_33c8326f97a56642e8765668fc1ba3bfeb911247.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-24 03:06:11.000000000 Z From a4726fc24a4300121748bc51249bcb5c7067b7ae Mon Sep 17 00:00:00 2001 
From: stacksharebot Date: Fri, 1 Mar 2024 20:35:17 +0000 Subject: [PATCH 08/10] Update techstack.md --- techstack.md | 48 +++++++++++++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/techstack.md b/techstack.md index b5724c8e..24c71ab6 100644 --- a/techstack.md +++ b/techstack.md @@ -3,12 +3,12 @@ ## Tech Stack stackshareio/oauth2 is built on the following main stack: +- [JavaScript](https://developer.mozilla.org/en-US/docs/Web/JavaScript) – Languages - [Ruby](https://www.ruby-lang.org) – Languages -- [Shell](https://en.wikipedia.org/wiki/Shell_script) – Languages - [Bundler](http://bundler.io) – Front End Package Manager - [RSpec](https://rspec.info/) – Testing Frameworks - [Travis CI](http://travis-ci.com/) – Continuous Integration -- [Rake](https://github.com/ruby/rake) – Task Management +- [Shell](https://en.wikipedia.org/wiki/Shell_script) – Shells Full tech stack [here](/techstack.md) @@ -18,12 +18,12 @@ Full tech stack [here](/techstack.md) ## Tech Stack stackshareio/oauth2 is built on the following main stack: +- JavaScript [JavaScript](https://developer.mozilla.org/en-US/docs/Web/JavaScript) – Languages - Ruby [Ruby](https://www.ruby-lang.org) – Languages -- Shell [Shell](https://en.wikipedia.org/wiki/Shell_script) – Languages - Bundler [Bundler](http://bundler.io) – Front End Package Manager - RSpec [RSpec](https://rspec.info/) – Testing Frameworks - Travis CI [Travis CI](http://travis-ci.com/) – Continuous Integration -- Rake [Rake](https://github.com/ruby/rake) – Task Management +- Shell [Shell](https://en.wikipedia.org/wiki/Shell_script) – Shells Full tech stack [here](/techstack.md) @@ -34,32 +34,32 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/oauth2](https://github.com/stackshareio/oauth2)![](https://img.stackshare.io/public_badge.svg "public")

-|17
Tools used|02/16/24
Report generated| +|24
Tools used|03/01/24
Report generated| |------|------| ## Languages (2)
- Ruby + JavaScript
- Ruby + JavaScript
- v2.7.0 +
- Shell + Ruby
- Shell + Ruby
- + v2.7.0
-## DevOps (5) +## DevOps (6) + +
Bundler @@ -101,15 +101,23 @@ Full tech stack [here](/techstack.md) + npm +
+ npm +
+ +
## Other (1) @@ -118,21 +126,27 @@ Full tech stack [here](/techstack.md)
- Rake + Shell
- Rake + Shell
-## Open source packages (9) +## Open source packages (15) -## RubyGems (9) +## RubyGems (15) |NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| |:------|:------|:------|:------|:------|:------| +|[addressable](https://rubygems.org/addressable)|v2.3|01/19/18|Peter Boling |Apache-2.0|[CVE-2021-32740](https://github.com/advisories/GHSA-jxhc-q857-3j6g) (High)| +|[backports](https://rubygems.org/backports)|v3.11|01/19/18|Peter Boling |MIT|N/A| |[byebug](https://rubygems.org/byebug)|N/A|10/01/19|Peter Boling |BSD-2-Clause|N/A| |[coveralls](https://rubygems.org/coveralls)|v0.8|10/13/18|Peter Boling |MIT|N/A| |[faraday](https://rubygems.org/faraday)|v0.8|07/16/19|Yuri S |MIT|N/A| +|[jwt](https://rubygems.org/jwt)|v1.0|04/22/10|Michael Bleigh |MIT|N/A| |[multi_json](https://rubygems.org/multi_json)|v1.3|12/30/13|Erik Michaels-Ober |MIT|N/A| +|[multi_xml](https://rubygems.org/multi_xml)|v0.5|12/30/13|Erik Michaels-Ober |MIT|[CVE-2013-0175](https://github.com/advisories/GHSA-pchc-949f-53m5) (High)| |[pry](https://rubygems.org/pry)|N/A|10/11/10|Erik Michaels-Ober |MIT|N/A| |[pry-byebug](https://rubygems.org/pry-byebug)|N/A|10/01/19|Peter Boling |MIT|N/A| -|[rack](https://rubygems.org/rack)|v1.2|10/05/19|Orien Madgwick |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7) (High)
[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh) (Moderate)
[CVE-2019-16782](https://github.com/advisories/GHSA-hrqr-hxpp-chr3) (Moderate)
[CVE-2013-0184](https://github.com/advisories/GHSA-v882-ccj6-jc48) (Moderate)
[CVE-2018-16471](https://github.com/advisories/GHSA-5r2p-j47h-mhpg) (Moderate)
[CVE-2013-0263](https://github.com/advisories/GHSA-xc85-32mf-xpv8) (Moderate)
[CVE-2011-5036](https://github.com/advisories/GHSA-v6j3-7jrw-hq2p) (Moderate)
[CVE-2012-6109](https://github.com/advisories/GHSA-h77x-m5q8-c29h) (Moderate)| +|[rack](https://rubygems.org/rack)|v1.2|10/05/19|Orien Madgwick |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7) (High)
[CVE-2013-0263](https://github.com/advisories/GHSA-xc85-32mf-xpv8) (Moderate)
[CVE-2019-16782](https://github.com/advisories/GHSA-hrqr-hxpp-chr3) (Moderate)
[CVE-2013-0184](https://github.com/advisories/GHSA-v882-ccj6-jc48) (Moderate)
[CVE-2018-16471](https://github.com/advisories/GHSA-5r2p-j47h-mhpg) (Moderate)
[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh) (Moderate)
[CVE-2011-5036](https://github.com/advisories/GHSA-v6j3-7jrw-hq2p) (Moderate)
[CVE-2012-6109](https://github.com/advisories/GHSA-h77x-m5q8-c29h) (Moderate)
[CVE-2024-25126](https://github.com/advisories/GHSA-22f2-v57c-j9cx) (Low)
[CVE-2024-26146](https://github.com/advisories/GHSA-54rr-7fvw-6x8f) (Low)| +|[rake](https://rubygems.org/rake)|N/A|10/01/19|Peter Boling |MIT|N/A| |[rdoc](https://rubygems.org/rdoc)|v5.0|01/25/18|Peter Boling |Ruby|[CVE-2021-31799](https://github.com/advisories/GHSA-ggxm-pgc9-g7fp) (High)| |[simplecov](https://rubygems.org/simplecov)|v0.9|10/13/18|Peter Boling |MIT|N/A| +|[wwtd](https://rubygems.org/wwtd)|N/A|01/24/18|Peter Boling |MIT|N/A|
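Review bot: The rack row in the RubyGems table (`-|[rack]` / `+|[rack]`) now lists fourteen advisories, including the two new Low entries CVE-2024-25126 and CVE-2024-26146, yet its VERSION cell is still `v1.2` while the companion techstack.yml gives `first_patched` values of 2.2.8.1 and 2.0.9.4 for them; a reader will take this as the project running rack 1.2 with all fourteen unpatched, when the cell only reflects the gemspec requirement. Consider showing the resolved version, or labelling the column as a declared constraint. The row also keeps the advisory with no CVE id rendered as `[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh) (Moderate)`, a link with no visible text; use the GHSA identifier as the link text when `cve_id` is blank. Finally, the `@@ -3,12` and `@@ -18,12` hunks move Shell from "Languages" back to "Shells", undoing PATCH 04's reclassification, so the category mapping is flapping along with the tool count.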
From dac99fa5fba3250c73b6768653cb008d31260af5 Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 8 Mar 2024 13:22:18 +0000 Subject: [PATCH 09/10] Update techstack.yml --- techstack.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techstack.yml b/techstack.yml index d7b2eccb..e179007b 100644 --- a/techstack.yml +++ b/techstack.yml @@ -2,7 +2,7 @@ repo_name: stackshareio/oauth2 report_id: 4e52b82bcacfc75957e1ac32558a3d04 version: 0.1 repo_type: Public -timestamp: '2024-03-01T20:35:15+00:00' +timestamp: '2024-03-08T13:22:16+00:00' requested_by: anvox provider: github branch: master @@ -344,7 +344,7 @@ tools: severity: moderate first_patched: 1.6.11 - name: Moderate severity vulnerability that affects rack - cve_id: + cve_id: cve_url: https://github.com/advisories/GHSA-9vc2-p34x-jhxh detected_date: Aug 22 severity: moderate From de146a769dab396febbeaebdf7273ad9ba2bceed Mon Sep 17 00:00:00 2001 From: stacksharebot Date: Fri, 8 Mar 2024 13:22:19 +0000 Subject: [PATCH 10/10] Update techstack.md --- techstack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/techstack.md b/techstack.md index 24c71ab6..7dfdd5a7 100644 --- a/techstack.md +++ b/techstack.md @@ -34,7 +34,7 @@ Full tech stack [here](/techstack.md) # Tech Stack File ![](https://img.stackshare.io/repo.svg "repo") [stackshareio/oauth2](https://github.com/stackshareio/oauth2)![](https://img.stackshare.io/public_badge.svg "public")

-|24
Tools used|03/01/24
Report generated| +|24
Tools used|03/08/24
Report generated| |------|------|
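Review bot: The only non-timestamp change in PATCH 09, the `@@ -344,7` hunk, replaces `cve_id:` with `cve_id: ` (a trailing space) on the GHSA-9vc2-p34x-jhxh entry; that is whitespace churn rather than a fix, and it shows the serializer's output for an empty value is not even stable between runs. Either populate the field or emit a consistent empty value, and strip trailing whitespace before writing. This final hunk, like PATCH 06, changes only the "Report generated" date (03/01/24 to 03/08/24) with the tool count unchanged at 24, so the same suggestion applies: do not commit when nothing but the timestamp differs.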