Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability CVE-2021-23358 #307

Closed
skorolev-tjc opened this issue Apr 25, 2021 · 1 comment
Closed

Security Vulnerability CVE-2021-23358 #307

skorolev-tjc opened this issue Apr 25, 2021 · 1 comment
Labels
duplicate

Comments

@skorolev-tjc
Copy link

Hi,
We use karma-ui5 plugin in our project and one of the recent builds revealed a vulnerability CVE-2021-23358 which is relevant to your code as it depends on underscore-1.10.2.

CVE-2021-23358 Description:
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Could you please update the version?

Thank you.
@RandomByte
Copy link
Member

This is a duplicate of #305 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RandomByte @skorolev-tjc