Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security fix for _.template variable parameter (CVE-2021-23358) #2917

Merged
merged 7 commits into from
Mar 29, 2021

Conversation

jgonggrijp
Copy link
Collaborator

This branch contains my test and fix for the security issue of #2915. The changes visible here were published to NPM as version 1.12.1. Also related to #2911.

@jgonggrijp jgonggrijp linked an issue Mar 29, 2021 that may be closed by this pull request
@jgonggrijp jgonggrijp merged commit bf5a0ed into jashkenas:master Mar 29, 2021
@jgonggrijp jgonggrijp deleted the template-variable-parameter branch March 29, 2021 15:21
@coveralls
Copy link

Coverage Status

Coverage increased (+0.02%) to 95.217% when pulling 7e3d404 on jgonggrijp:template-variable-parameter into 798eafa on jashkenas:master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security leak in _.template, please update
2 participants