Describe the bug
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
To Reproduce
Run npm audit
lodash.template *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix --force`
Will install oclif@3.17.2, which is a breaking change
node_modules/@oclif/plugin-help/node_modules/lodash.template
node_modules/@oclif/plugin-not-found/node_modules/lodash.template
node_modules/@oclif/plugin-warn-if-update-available/node_modules/lodash.template
node_modules/lodash.template
@oclif/plugin-commands >=3.0.1
Depends on vulnerable versions of lodash.template
node_modules/@oclif/plugin-not-found/node_modules/@oclif/plugin-commands
@oclif/plugin-warn-if-update-available 1.7.0 || 2.0.0 || >=2.1.0
Depends on vulnerable versions of lodash.template
node_modules/@oclif/plugin-help/node_modules/@oclif/plugin-warn-if-update-available
node_modules/@oclif/plugin-not-found/node_modules/@oclif/plugin-warn-if-update-available
node_modules/@oclif/plugin-warn-if-update-available
node_modules/@oclif/plugin-warn-if-update-available/node_modules/@oclif/plugin-warn-if-update-available
oclif >=4.0.0-beta.1
Depends on vulnerable versions of @oclif/plugin-warn-if-update-available
Depends on vulnerable versions of lodash.template
node_modules/@oclif/plugin-help/node_modules/oclif
node_modules/@oclif/plugin-not-found/node_modules/oclif
node_modules/@oclif/plugin-warn-if-update-available/node_modules/oclif
node_modules/oclif
Expected behavior
Upgrade lodash.template
Additional context
Add any other context about the problem here.