diff --git a/techstack.md b/techstack.md new file mode 100644 index 00000000..7dfdd5a7 --- /dev/null +++ b/techstack.md @@ -0,0 +1,154 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [stackshareio/oauth2](https://github.com/stackshareio/oauth2)![](https://img.stackshare.io/public_badge.svg "public") +

+|24
Tools used|03/08/24
Report generated| +|------|------| +
+ +## Languages (2) + + + + + + +
+ JavaScript +
+ JavaScript +
+ +		 + Ruby +
+ Ruby +
+ v2.7.0 +
+ +## DevOps (6) + + + + + + + + + + + + + + +
+ Bundler +
+ Bundler +
+ +		 + Git +
+ Git +
+ +		 + RSpec +
+ RSpec +
+ v3.0 +		 + RubyGems +
+ RubyGems +
+ +		 + Travis CI +
+ Travis CI +
+ +		 + npm +
+ npm +
+ +
+ +## Other (1) + + + + +
+ Shell +
+ Shell +
+ +
+ + +## Open source packages (15) + +## RubyGems (15) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[addressable](https://rubygems.org/addressable)|v2.3|01/19/18|Peter Boling |Apache-2.0|[CVE-2021-32740](https://github.com/advisories/GHSA-jxhc-q857-3j6g) (High)| +|[backports](https://rubygems.org/backports)|v3.11|01/19/18|Peter Boling |MIT|N/A| +|[byebug](https://rubygems.org/byebug)|N/A|10/01/19|Peter Boling |BSD-2-Clause|N/A| +|[coveralls](https://rubygems.org/coveralls)|v0.8|10/13/18|Peter Boling |MIT|N/A| +|[faraday](https://rubygems.org/faraday)|v0.8|07/16/19|Yuri S |MIT|N/A| +|[jwt](https://rubygems.org/jwt)|v1.0|04/22/10|Michael Bleigh |MIT|N/A| +|[multi_json](https://rubygems.org/multi_json)|v1.3|12/30/13|Erik Michaels-Ober |MIT|N/A| +|[multi_xml](https://rubygems.org/multi_xml)|v0.5|12/30/13|Erik Michaels-Ober |MIT|[CVE-2013-0175](https://github.com/advisories/GHSA-pchc-949f-53m5) (High)| +|[pry](https://rubygems.org/pry)|N/A|10/11/10|Erik Michaels-Ober |MIT|N/A| +|[pry-byebug](https://rubygems.org/pry-byebug)|N/A|10/01/19|Peter Boling |MIT|N/A| +|[rack](https://rubygems.org/rack)|v1.2|10/05/19|Orien Madgwick |MIT|[CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) (Critical)
[CVE-2023-27530](https://github.com/advisories/GHSA-3h57-hmj3-gj3p) (High)
[CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52) (High)
[CVE-2022-30122](https://github.com/advisories/GHSA-hxqx-xwvh-44m2) (High)
[CVE-2020-8161](https://github.com/advisories/GHSA-5f9h-9pjv-v6j7) (High)
[CVE-2013-0263](https://github.com/advisories/GHSA-xc85-32mf-xpv8) (Moderate)
[CVE-2019-16782](https://github.com/advisories/GHSA-hrqr-hxpp-chr3) (Moderate)
[CVE-2013-0184](https://github.com/advisories/GHSA-v882-ccj6-jc48) (Moderate)
[CVE-2018-16471](https://github.com/advisories/GHSA-5r2p-j47h-mhpg) (Moderate)
[](https://github.com/advisories/GHSA-9vc2-p34x-jhxh) (Moderate)
[CVE-2011-5036](https://github.com/advisories/GHSA-v6j3-7jrw-hq2p) (Moderate)
[CVE-2012-6109](https://github.com/advisories/GHSA-h77x-m5q8-c29h) (Moderate)
[CVE-2024-25126](https://github.com/advisories/GHSA-22f2-v57c-j9cx) (Low)
[CVE-2024-26146](https://github.com/advisories/GHSA-54rr-7fvw-6x8f) (Low)| +|[rake](https://rubygems.org/rake)|N/A|10/01/19|Peter Boling |MIT|N/A| +|[rdoc](https://rubygems.org/rdoc)|v5.0|01/25/18|Peter Boling |Ruby|[CVE-2021-31799](https://github.com/advisories/GHSA-ggxm-pgc9-g7fp) (High)| +|[simplecov](https://rubygems.org/simplecov)|v0.9|10/13/18|Peter Boling |MIT|N/A| +|[wwtd](https://rubygems.org/wwtd)|N/A|01/24/18|Peter Boling |MIT|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 00000000..e179007b --- /dev/null +++ b/techstack.yml @@ -0,0 +1,437 @@ +repo_name: stackshareio/oauth2 +report_id: 4e52b82bcacfc75957e1ac32558a3d04 +version: 0.1 +repo_type: Public +timestamp: '2024-03-08T13:22:16+00:00' +requested_by: anvox +provider: github +branch: master +detected_tools_count: 24 +tools: +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2014-07-09 08:03:00.000000000 Z +- name: Ruby + description: A dynamic, interpreted, open source programming language with a focus + on simplicity and productivity + website_url: https://www.ruby-lang.org + version: 2.7.0 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/989/ruby.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/.ruby-version + detection_source: Repo Metadata + last_updated_by: Peter Boling + last_updated_on: 2020-01-29 02:19:50.000000000 Z +- name: Bundler + description: A consistent environment for tracking and installing gems and versions + website_url: http://bundler.io + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/2988/4e77LXIo_400x400.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 03:54:35.000000000 Z +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/stackshareio/oauth2 + detection_source: Repo Metadata +- name: RSpec + description: Behaviour Driven Development for Ruby + website_url: https://rspec.info/ + version: '3.0' + license: MIT + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Testing Frameworks + image_url: https://img.stackshare.io/service/2539/logo.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-01-26 08:40:04.000000000 Z +- name: RubyGems + description: Easily download, install, and use ruby software packages on your system + website_url: https://rubygems.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Package Managers + image_url: https://img.stackshare.io/service/12795/5jL6-BA5_400x400.jpeg + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2014-07-09 08:03:00.000000000 Z +- name: Travis CI + description: A hosted continuous integration service for open source and private + projects + website_url: http://travis-ci.com/ + open_source: false + hosted_saas: true + category: Build, Test, Deploy + sub_category: Continuous Integration + image_url: https://img.stackshare.io/service/460/Lu6cGu0z_400x400.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/.travis.yml + detection_source: ".travis.yml" + last_updated_by: Erik Michaels-Ober + last_updated_on: 2012-03-13 13:59:45.000000000 Z +- name: npm + description: The package manager for JavaScript. + website_url: https://www.npmjs.com/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Front End Package Manager + image_url: https://img.stackshare.io/service/1120/lejvzrnlpb308aftn31u.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-22 05:20:38.000000000 Z +- name: Shell + description: A shell is a text-based terminal, used for manipulating programs and + files. Shell scripts typically manage program execution. + website_url: https://en.wikipedia.org/wiki/Shell_script + open_source: false + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/4631/default_c2062d40130562bdc836c13dbca02d318205a962.png + detection_source_url: https://github.com/stackshareio/oauth2 + detection_source: Repo Metadata +- name: addressable + description: Addressable is an alternative implementation to the URI implementation + that is part of Ruby's standard library + package_url: https://rubygems.org/addressable + version: '2.3' + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18870/default_63d360ffaa27bed91e2b067fb467407b5c9da0ed.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-19 02:23:05.000000000 Z + vulnerabilities: + - name: Regular Expression Denial of Service in Addressable templates + cve_id: CVE-2021-32740 + cve_url: https://github.com/advisories/GHSA-jxhc-q857-3j6g + detected_date: Aug 22 + severity: high + first_patched: 2.8.0 +- name: backports + description: Essential backports that enable many of the nice features of Ruby for + earlier versions + package_url: https://rubygems.org/backports + version: '3.11' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19159/default_c8270617b11a0e0bb186cecf4527f28719105688.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-19 02:23:05.000000000 Z +- name: byebug + description: Byebug is a Ruby debugger + package_url: https://rubygems.org/byebug + license: BSD-2-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18849/default_887cb273c504fac90d07fc552b7b223fbb32ca39.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 15:24:01.000000000 Z +- name: coveralls + description: A Ruby implementation of the Coveralls API + package_url: https://rubygems.org/coveralls + version: '0.8' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18833/default_8c2fa81d8b8e48c679685199823ce30d598d3e87.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2018-10-13 12:17:19.000000000 Z +- name: faraday + description: HTTP/REST API client library + package_url: https://rubygems.org/faraday + version: '0.8' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18835/default_0e382579c2f0564abd86ba662410379f1d623a9c.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Yuri S + last_updated_on: 2019-07-16 20:21:20.000000000 Z +- name: jwt + description: A pure ruby implementation of the RFC 7519 OAuth JSON Web Token + package_url: https://rubygems.org/jwt + version: '1.0' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18991/default_e5e3569d4beb5d51f9ce87c88e8b44a2308e087b.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Michael Bleigh + last_updated_on: 2010-04-22 05:20:38.000000000 Z +- name: multi_json + description: A common interface to multiple JSON libraries + package_url: https://rubygems.org/multi_json + version: '1.3' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18851/default_b87d202e13d56f87c63181fa49bc5e099c9abaac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-12-30 19:35:25.000000000 Z +- name: multi_xml + description: Provides swappable XML backends utilizing LibXML + package_url: https://rubygems.org/multi_xml + version: '0.5' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19050/default_76e060fe9703f2b60ce4bc4f9e2633d27597740f.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Erik Michaels-Ober + last_updated_on: 2013-12-30 19:35:25.000000000 Z + vulnerabilities: + - name: Improper Input Validation in multi_xml + cve_id: CVE-2013-0175 + cve_url: https://github.com/advisories/GHSA-pchc-949f-53m5 + detected_date: Aug 22 + severity: high + first_patched: 0.5.2 +- name: pry + description: An IRB alternative and runtime developer console + package_url: https://rubygems.org/pry + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18815/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Erik Michaels-Ober + last_updated_on: 2010-10-11 19:25:45.000000000 Z +- name: pry-byebug + description: Combine 'pry' with 'byebug' + package_url: https://rubygems.org/pry-byebug + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18848/default_1c2935fa69cec14d38adad302e002464101cd71f.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 15:24:01.000000000 Z +- name: rack + description: Rack provides a minimal, modular and adaptable interface for developing + web applications in Ruby + package_url: https://rubygems.org/rack + version: '1.2' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18839/default_db5cfb0d85d9fd8bfb40a863581417a2a57791ab.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Orien Madgwick + last_updated_on: 2019-10-05 00:34:30.000000000 Z + vulnerabilities: + - name: Possible shell escape sequence injection vulnerability in Rack + cve_id: CVE-2022-30123 + cve_url: https://github.com/advisories/GHSA-wq4h-7r42-5hrr + detected_date: May 28 + severity: critical + first_patched: 2.0.9.1 + - name: Rack has possible DoS Vulnerability in Multipart MIME parsing + cve_id: CVE-2023-27530 + cve_url: https://github.com/advisories/GHSA-3h57-hmj3-gj3p + detected_date: Mar 9 + severity: high + first_patched: 2.0.9.3 + - name: Rack allows Percent-encoded cookies to overwrite existing prefixed cookie + names + cve_id: CVE-2020-8184 + cve_url: https://github.com/advisories/GHSA-j6w9-fv6q-3q52 + detected_date: Aug 22 + severity: high + first_patched: 2.1.4 + - name: Denial of Service Vulnerability in Rack Multipart Parsing + cve_id: CVE-2022-30122 + cve_url: https://github.com/advisories/GHSA-hxqx-xwvh-44m2 + detected_date: May 28 + severity: high + first_patched: 2.0.9.1 + - name: Directory traversal in Rack::Directory app bundled with Rack + cve_id: CVE-2020-8161 + cve_url: https://github.com/advisories/GHSA-5f9h-9pjv-v6j7 + detected_date: Aug 22 + severity: high + first_patched: 2.1.3 + - name: Rack arbitrary code execution via timing attack + cve_id: CVE-2013-0263 + cve_url: https://github.com/advisories/GHSA-xc85-32mf-xpv8 + detected_date: Jun 18 + severity: moderate + first_patched: 1.2.8 + - name: Possible Information Leak / Session Hijack Vulnerability in Rack + cve_id: CVE-2019-16782 + cve_url: https://github.com/advisories/GHSA-hrqr-hxpp-chr3 + detected_date: Aug 22 + severity: moderate + first_patched: 1.6.12 + - name: Rack vulnerable to Denial of Service + cve_id: CVE-2013-0184 + cve_url: https://github.com/advisories/GHSA-v882-ccj6-jc48 + detected_date: Mar 9 + severity: moderate + first_patched: 1.2.7 + - name: Rack vulnerable to Cross-site Scripting + cve_id: CVE-2018-16471 + cve_url: https://github.com/advisories/GHSA-5r2p-j47h-mhpg + detected_date: Aug 22 + severity: moderate + first_patched: 1.6.11 + - name: Moderate severity vulnerability that affects rack + cve_id: + cve_url: https://github.com/advisories/GHSA-9vc2-p34x-jhxh + detected_date: Aug 22 + severity: moderate + first_patched: 1.4.6 + - name: Rack Gem Subject to Denial of Service via Hash Collisions + cve_id: CVE-2011-5036 + cve_url: https://github.com/advisories/GHSA-v6j3-7jrw-hq2p + detected_date: Mar 28 + severity: moderate + first_patched: 1.2.5 + - name: Rack vulnerable to REDoS + cve_id: CVE-2012-6109 + cve_url: https://github.com/advisories/GHSA-h77x-m5q8-c29h + detected_date: Aug 22 + severity: moderate + first_patched: 1.2.6 + - name: Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial) + cve_id: CVE-2024-25126 + cve_url: https://github.com/advisories/GHSA-22f2-v57c-j9cx + detected_date: Feb 29 + severity: low + first_patched: 2.2.8.1 + - name: Rack Header Parsing leads to Possible Denial of Service Vulnerability + cve_id: CVE-2024-26146 + cve_url: https://github.com/advisories/GHSA-54rr-7fvw-6x8f + detected_date: Feb 29 + severity: low + first_patched: 2.0.9.4 +- name: rake + description: Rake is a Make-like program implemented in Ruby + package_url: https://rubygems.org/rake + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18812/default_f582e4648f4682adb72d2b201218cda7f8e894ac.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2019-10-01 09:35:41.000000000 Z +- name: rdoc + description: RDoc produces HTML and command-line documentation for Ruby projects + package_url: https://rubygems.org/rdoc + version: '5.0' + license: Ruby + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18829/default_ba8d7756589e5fc0164687950e3f091b32554546.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-25 20:48:17.000000000 Z + vulnerabilities: + - name: Arbitrary Code Execution in Rdoc + cve_id: CVE-2021-31799 + cve_url: https://github.com/advisories/GHSA-ggxm-pgc9-g7fp + detected_date: Sep 2 + severity: high + first_patched: 6.1.2.1 +- name: simplecov + description: Code coverage for Ruby 1.9+ with a powerful configuration library and + automatic merging of coverage across test suites + package_url: https://rubygems.org/simplecov + version: '0.9' + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/18819/default_6564ae059af6c4ea7065fd2329370c7a05341cf8.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/Gemfile + detection_source: Gemfile + last_updated_by: Peter Boling + last_updated_on: 2018-10-13 12:17:19.000000000 Z +- name: wwtd + description: Travis simulator so you do not need to wait for the build + package_url: https://rubygems.org/wwtd + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: RubyGems Packages + image_url: https://img.stackshare.io/package/19205/default_33c8326f97a56642e8765668fc1ba3bfeb911247.png + detection_source_url: https://github.com/stackshareio/oauth2/blob/master/oauth2.gemspec + detection_source: oauth2.gemspec + last_updated_by: Peter Boling + last_updated_on: 2018-01-24 03:06:11.000000000 Z