diff --git a/techstack.md b/techstack.md new file mode 100644 index 0000000..fbf6671 --- /dev/null +++ b/techstack.md @@ -0,0 +1,126 @@ + +
+ +# Tech Stack File +![](https://img.stackshare.io/repo.svg "repo") [highlanderkev/ibm-lab3-template-django-bootstrap](https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap)![](https://img.stackshare.io/public_badge.svg "public") +

+|14
Tools used|02/29/24
Report generated| +|------|------| +
+ +## Languages (4) + + + + + + + + + + +
+ CSS 3 +
+ CSS 3 +
+ +
+ JavaScript +
+ JavaScript +
+ +
+ Jinja +
+ Jinja +
+ v3.0 +
+ Python +
+ Python +
+ +
+ +## DevOps (2) + + + + + + +
+ Git +
+ Git +
+ +
+ PyPI +
+ PyPI +
+ +
+ +## Software as a Service (SaaS) (1) + + + + +
+ Pillow +
+ Pillow +
+ +
+ + +## Open source packages (7) + +## PyPI (7) + +|NAME|VERSION|LAST UPDATED|LAST UPDATED BY|LICENSE|VULNERABILITIES| +|:------|:------|:------|:------|:------|:------| +|[Django](https://pypi.org/project/Django)|v3.1.3|11/13/23|Kevin Westropp |BSD-3-Clause|[CVE-2021-35042](https://github.com/advisories/GHSA-xpfp-f569-q3p2) (Critical)
[CVE-2021-44420](https://github.com/advisories/GHSA-v6rh-hp5x-86rv) (High)
[CVE-2021-31542](https://github.com/advisories/GHSA-rxjp-mfm9-w4wr) (High)
[CVE-2021-28658](https://github.com/advisories/GHSA-xgxc-v2qg-chmh) (Moderate)
[CVE-2021-32052](https://github.com/advisories/GHSA-qm57-vhq3-3fwf) (Moderate)| +|[aiohttp](https://pypi.org/project/aiohttp)|v3.8.3|11/13/23|Kevin Westropp |Apache-2.0|[CVE-2023-49081](https://github.com/advisories/GHSA-q3qx-c6g2-7pw2) (High)
[CVE-2024-23334](https://github.com/advisories/GHSA-5h86-8mv2-jq9f) (Moderate)
[CVE-2023-47627](https://github.com/advisories/GHSA-gfw2-4jvh-wgfg) (Moderate)
[](https://github.com/advisories/GHSA-pjjw-qhg8-p2p9) (Moderate)
[CVE-2023-49082](https://github.com/advisories/GHSA-qvrw-v9rv-5rjx) (Moderate)
[CVE-2023-37276](https://github.com/advisories/GHSA-45c4-8wx5-qw6w) (Moderate)
[CVE-2024-23829](https://github.com/advisories/GHSA-8qpw-xqxj-h4r2) (Moderate)| +|[click](https://pypi.org/project/click)|v8.0.4|11/13/23|Kevin Westropp |BSD-3-Clause|N/A| +|[gunicorn](https://pypi.org/project/gunicorn)|v20.1.0|11/13/23|Kevin Westropp |MIT|N/A| +|[multidict](https://pypi.org/project/multidict)|v4.5|11/13/23|Kevin Westropp |Apache-2.0|N/A| +|[typing-extensions](https://pypi.org/project/typing-extensions)|v4.2.0|11/13/23|Kevin Westropp |Python-2.0|N/A| +|[wheel](https://pypi.org/project/wheel)|v0.41.1|11/13/23|Kevin Westropp |MIT|N/A| + +
+
+ +Generated via [Stack File](https://github.com/marketplace/stack-file) diff --git a/techstack.yml b/techstack.yml new file mode 100644 index 0000000..c146062 --- /dev/null +++ b/techstack.yml 
@@ -0,0 +1,265 @@ +repo_name: highlanderkev/ibm-lab3-template-django-bootstrap +report_id: c859266dd76457b66556ce0a2d893a15 +version: 0.1 +repo_type: Public +timestamp: '2024-02-29T19:47:22+00:00' +requested_by: highlanderkev +provider: github +branch: main +detected_tools_count: 14 +tools: +- name: CSS 3 + description: The latest evolution of the Cascading Style Sheets language + website_url: https://developer.mozilla.org/en-US/docs/Web/CSS/CSS3 + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/6727/css.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap + detection_source: Repo Metadata +- name: JavaScript + description: Lightweight, interpreted, object-oriented language with first-class + functions + website_url: https://developer.mozilla.org/en-US/docs/Web/JavaScript + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/1209/javascript.jpeg + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap + detection_source: Repo Metadata +- name: Jinja + description: Full featured template engine for Python + website_url: https://palletsprojects.com/p/jinja/ + version: '3.0' + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Templating Languages & Extensions + image_url: https://img.stackshare.io/service/2303/New_Project__20_.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: Python + description: A clear and powerful object-oriented programming language, comparable + to Perl, Ruby, Scheme, or Java. 
+ website_url: https://www.python.org + open_source: true + hosted_saas: false + category: Languages & Frameworks + sub_category: Languages + image_url: https://img.stackshare.io/service/993/pUBY5pVj.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap + detection_source: Repo Metadata +- name: Git + description: Fast, scalable, distributed revision control system + website_url: http://git-scm.com/ + open_source: true + hosted_saas: false + category: Build, Test, Deploy + sub_category: Version Control System + image_url: https://img.stackshare.io/service/1046/git.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap + detection_source: Repo Metadata +- name: PyPI + description: A repository of software for the Python programming language + website_url: https://pypi.org/ + open_source: false + hosted_saas: false + category: Build, Test, Deploy + sub_category: Hosted Package Repository + image_url: https://img.stackshare.io/service/12572/-RIWgodF_400x400.jpg + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: Pillow + description: Python Imaging Library + website_url: https://python-pillow.github.io/ + open_source: true + hosted_saas: false + category: Assets and Media + sub_category: Image Processing and Management + image_url: https://img.stackshare.io/service/2375/default_1f67b0ca7416a9f52beb655f90b5602d5ef74b75.jpg + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: Django + description: A high-level Python Web framework that encourages rapid development + and clean + package_url: 
https://pypi.org/project/Django + version: 3.1.3 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19832/default_58dbe7b4d7ec447b62773209af0f9a31bbabf5bd.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z + vulnerabilities: + - name: SQL Injection in Django + cve_id: CVE-2021-35042 + cve_url: https://github.com/advisories/GHSA-xpfp-f569-q3p2 + detected_date: Sep 23 + severity: critical + first_patched: 3.1.13 + - name: Potential bypass of an upstream access control based on URL paths in Django + cve_id: CVE-2021-44420 + cve_url: https://github.com/advisories/GHSA-v6rh-hp5x-86rv + detected_date: Dec 14 + severity: high + first_patched: 3.1.14 + - name: Path Traversal in Django + cve_id: CVE-2021-31542 + cve_url: https://github.com/advisories/GHSA-rxjp-mfm9-w4wr + detected_date: Aug 22 + severity: high + first_patched: 3.1.9 + - name: Directory Traversal in Django + cve_id: CVE-2021-28658 + cve_url: https://github.com/advisories/GHSA-xgxc-v2qg-chmh + detected_date: Aug 22 + severity: moderate + first_patched: 3.1.8 + - name: Header injection possible in Django + cve_id: CVE-2021-32052 + cve_url: https://github.com/advisories/GHSA-qm57-vhq3-3fwf + detected_date: Aug 22 + severity: moderate + first_patched: 3.1.10 +- name: aiohttp + description: Async http client/server framework + package_url: https://pypi.org/project/aiohttp + version: 3.8.3 + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19852/default_d748224707283d9d8a73c2323730c87bda6b313a.png + detection_source_url: 
https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z + vulnerabilities: + - name: aiohttp's ClientSession is vulnerable to CRLF injection via version + cve_id: CVE-2023-49081 + cve_url: https://github.com/advisories/GHSA-q3qx-c6g2-7pw2 + detected_date: Nov 28 + severity: high + first_patched: 3.9.0 + - name: aiohttp is vulnerable to directory traversal + cve_id: CVE-2024-23334 + cve_url: https://github.com/advisories/GHSA-5h86-8mv2-jq9f + detected_date: Jan 30 + severity: moderate + first_patched: 3.9.2 + - name: AIOHTTP has problems in HTTP parser (the python one, not llhttp) + cve_id: CVE-2023-47627 + cve_url: https://github.com/advisories/GHSA-gfw2-4jvh-wgfg + detected_date: Nov 15 + severity: moderate + first_patched: 3.8.6 + - name: aiohttp has vulnerable dependency that is vulnerable to request smuggling + cve_id: + cve_url: https://github.com/advisories/GHSA-pjjw-qhg8-p2p9 + detected_date: Nov 29 + severity: moderate + first_patched: 3.8.6 + - name: aiohttp's ClientSession is vulnerable to CRLF injection via method + cve_id: CVE-2023-49082 + cve_url: https://github.com/advisories/GHSA-qvrw-v9rv-5rjx + detected_date: Nov 28 + severity: moderate + first_patched: 3.9.0 + - name: aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp + HTTP request parser + cve_id: CVE-2023-37276 + cve_url: https://github.com/advisories/GHSA-45c4-8wx5-qw6w + detected_date: Jul 21 + severity: moderate + first_patched: 3.8.5 + - name: aiohttp's HTTP parser (the python one, not llhttp) still overly lenient + about separators + cve_id: CVE-2024-23829 + cve_url: https://github.com/advisories/GHSA-8qpw-xqxj-h4r2 + detected_date: Jan 30 + severity: moderate + first_patched: 3.9.2 +- name: click + description: Composable command line interface toolkit + package_url: https://pypi.org/project/click + version: 
8.0.4 + license: BSD-3-Clause + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19830/default_74a61b43bdb9fc0cba2978316b9976f43545029b.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: gunicorn + description: WSGI HTTP Server for UNIX + package_url: https://pypi.org/project/gunicorn + version: 20.1.0 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19931/default_74a0c20721d3a0a1484d69586401591fe8993db2.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: multidict + description: Multidict implementation + package_url: https://pypi.org/project/multidict + version: '4.5' + license: Apache-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/20160/default_8822b1755ae0c97a622ebcb1aa9cafa328004f81.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: typing-extensions + description: Backported and Experimental Type Hints for Python 3.5+ + package_url: https://pypi.org/project/typing-extensions + version: 4.2.0 + license: Python-2.0 + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: 
https://img.stackshare.io/package/19875/default_2270bfab784e3d2c2d999d26b11ee478a9dad238.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z +- name: wheel + description: A built-package format for Python + package_url: https://pypi.org/project/wheel + version: 0.41.1 + license: MIT + open_source: true + hosted_saas: false + category: Libraries + sub_category: PyPI Packages + image_url: https://img.stackshare.io/package/19889/default_7182952cb92ae36151a754e2592ac68e6e6340df.png + detection_source_url: https://github.com/highlanderkev/ibm-lab3-template-django-bootstrap/blob/main/requirements.txt + detection_source: requirements.txt + last_updated_by: Kevin Westropp + last_updated_on: 2023-11-13 05:03:37.000000000 Z
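Review bot: In techstack.md, the aiohttp row of the PyPI table carries an advisory link with empty link text, `[](https://github.com/advisories/GHSA-pjjw-qhg8-p2p9) (Moderate)`, so the rendered cell shows only "(Moderate)" with nothing visible to identify or click. Use the GHSA id as the link text when no CVE id is assigned. The same file lists Pillow under "Software as a Service (SaaS) (1)", while techstack.yml records it with `hosted_saas: false` and `detection_source: requirements.txt`; that heading misdescribes a library dependency and should be corrected or dropped before the report is committed.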
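Review bot: In techstack.yml, the Django entry records `version: 3.1.3` while its five advisories list `first_patched` values up to 3.1.14 (the critical CVE-2021-35042 is fixed in 3.1.13), and the aiohttp entry records `version: 3.8.3` with advisories whose fixes go up to 3.9.2. Committing the report without touching requirements.txt documents these findings but leaves them open. Raise the pins to at least Django 3.1.14 and aiohttp 3.9.2 in this change or a linked follow-up. Separately, the GHSA-pjjw-qhg8-p2p9 entry has an empty `cve_id:`, which loads as null, and `detected_date` values such as `Sep 23` carry no year, so anything that consumes this file should key on `cve_url` rather than on those two fields.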