You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/package.json
Path to vulnerable library: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/grunt-legacy-log-utils/node_modules/lodash/package.json,/security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/findup-sync/node_modules/lodash/package.json,/security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/grunt-legacy-log/node_modules/lodash/package.json
Dependency Hierarchy:
grunt-0.4.5.tgz (Root Library)
grunt-legacy-log-0.1.3.tgz
❌ lodash-2.4.2.tgz (Vulnerable Library)
lodash-1.3.1.tgz
A utility library delivering consistency, customization, performance, and extras.
CVE-2021-23337 - High Severity Vulnerability
Vulnerable Libraries - lodash-0.9.2.tgz, lodash-2.4.2.tgz, lodash-1.3.1.tgz
lodash-0.9.2.tgz
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-0.9.2.tgz
Path to dependency file: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/package.json
Path to vulnerable library: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/lodash/package.json
Dependency Hierarchy:
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/package.json
Path to vulnerable library: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/grunt-legacy-log-utils/node_modules/lodash/package.json,/security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/findup-sync/node_modules/lodash/package.json,/security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/grunt-legacy-log/node_modules/lodash/package.json
Dependency Hierarchy:
lodash-1.3.1.tgz
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.3.1.tgz
Path to dependency file: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/package.json
Path to vulnerable library: /security-admin/src/main/webapp/libs/other/jquery-cookie/js/node_modules/wd/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 3d8c1142c5739a45e8e562215c8c83915a44ee6c
Found in base branch: master
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
CVSS 3 Score Details (7.2)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (grunt): 1.0.3
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (grunt): 1.0.3
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: