[Snyk: Med] Prototype Pollution (Due 07/05/2020) #3740
Comments
The latest version of lodash pkg still does not have the patch/remediation for
Patch yet to be released for Lodash v4.17.15. Until then moving this ticket to blocked section.
It looks like a fix was made but a release still needs to be pushed: https://github.com/lodash/lodash/issues/4837
Notified security team that this issue is BLOCKED until the LODASH package is fixed in a later version.
Looks like a fix is ready: https://github.com/lodash/lodash/issues/4837#issuecomment-655648024
Updated lodash pkg to the latest v4.17.19. And a PR #3890 is ready for review.
Summary
Medium severity vulnerability found
Description: Prototype Pollution
Info: https://app.snyk.io/vuln/SNYK-JS-LODASH-567746
Prototype Pollution is a vulnerability affecting JavaScript.
Remediation: There is no fixed version for lodash.
Completion criteria:
Consider/document alternatives or workaround to solve this security issue and do that thing