You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-for-github-combot
changed the title
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2)
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2) - autoclosed
Jan 19, 2024
mend-for-github-combot
changed the title
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2) - autoclosed
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2)
Jan 19, 2024
ℹ️ This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
mend-for-github-combot
changed the title
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2)
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2) reachable
Mar 21, 2024
mend-for-github-combot
changed the title
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2) reachable
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2)
May 7, 2024
mend-for-github-combot
changed the title
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2)
underscore-1.9.1.tgz: 1 vulnerabilities (highest severity is: 7.2) reachable
May 7, 2024
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.9.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/underscore/package.json
Found in HEAD commit: c1056ecdb56385bee0679cd13b20a6999fa0707e
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - underscore-1.9.1.tgz
JavaScript's functional programming helper library.
Library home page: https://registry.npmjs.org/underscore/-/underscore-1.9.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/underscore/package.json
Dependency Hierarchy:
Found in HEAD commit: c1056ecdb56385bee0679cd13b20a6999fa0707e
Found in base branch: master
Reachability Analysis
This vulnerability is potentially reachable
Vulnerability Details
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Publish Date: 2021-03-29
URL: CVE-2021-23358
CVSS 3 Score Details (7.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
Release Date: 2021-03-29
Fix Resolution: 1.12.1
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules
The text was updated successfully, but these errors were encountered: