
Bump lodash from 4.17.4 to 4.17.15 #108

@nunojsferreira

CVE-2019-10744

critical severity
Vulnerable versions: < 4.17.12
Patched version: 4.17.12

Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.


Labels: security, Needs immediate attention, technical debt, It was like this when I joined the project
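The constructor-payload behaviour described in the issue, as an added example that is not part of the original issue and is not lodash's code: a simplified, hypothetical `defaultsDeepNaive` shows why a merge that follows `constructor` and `prototype` ends up writing to `Object.prototype`, beside a hardened `defaultsDeepSafe`. All function names and the JSON input are constructed for illustration; for lodash itself the remedy is the upgrade to a patched version given in the issue.

```javascript
// Added example: simplified recursive defaults merge, NOT lodash's source code.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObjectLike = (v) => v !== null && ['object', 'function'].includes(typeof v);
const isPlain = (v) => v !== null && typeof v === 'object' &&
  [Object.prototype, null].includes(Object.getPrototypeOf(v));

// Vulnerable shape: target[key] follows the prototype chain, so "constructor"
// resolves to the Object function and "prototype" to Object.prototype.
function defaultsDeepNaive(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (isObjectLike(src) && isObjectLike(target[key])) {
      defaultsDeepNaive(target[key], src);
    } else if (target[key] === undefined) {
      target[key] = src;
    }
  }
  return target;
}

// Hardened shape: skip prototype-bearing keys, consult own properties only,
// and recurse only into plain objects.
function defaultsDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlain(src)) {
      if (!own) target[key] = {};
      if (isPlain(target[key])) defaultsDeepSafe(target[key], src);
    } else if (!own || target[key] === undefined) {
      target[key] = src;
    }
  }
  return target;
}

// Constructed input: untrusted JSON mixing a constructor payload with real data.
const PAYLOAD =
  '{"constructor":{"prototype":{"polluted":true}},"theme":{"dark":true}}';
function demo() {
  const safeOut = defaultsDeepSafe({}, JSON.parse(PAYLOAD));
  const afterSafe = ({}).polluted;   // read from a fresh, unrelated object
  defaultsDeepNaive({}, JSON.parse(PAYLOAD));
  const afterNaive = ({}).polluted;  // inherited from Object.prototype
  delete Object.prototype.polluted;  // undo the demonstration's side effect
  return { safeOut, afterSafe, afterNaive };
}
console.log(demo());
```

A regression test of the same shape (merge a constructed payload, then check that a fresh `{}` has no new inherited property) is a quick way to confirm a dependency bump actually took effect in the deployed bundle.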
