avoid arbitrary code execution in "underscore" dependency #141

christopherwood · 2022-07-12T19:08:22Z

jsonlint -> nomnom -> underscore

Underscore has an arbitrary code execution per the link below.

One solution is to "rm package-lock.json" before building. This file
is the lock file that "npm install" left behind.

More details:

/jsonlint # npm audit

underscore 1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - GHSA-cf4h-3jhx-xvhq
fix available via npm audit fix
node_modules/underscore
nomnom >=1.6.0
Depends on vulnerable versions of underscore
node_modules/nomnom

2 high severity vulnerabilities

To address all issues, run:
npm audit fix

jsonlint -> nomnom -> underscore Underscore has an arbitrary code execution per the link below. GHSA-cf4h-3jhx-xvhq One solution is to "rm package-lock.json" before building. This file is the lock file that "npm install" left behind. More details: /jsonlint # npm audit underscore 1.3.2 - 1.12.0 Severity: high Arbitrary Code Execution in underscore - GHSA-cf4h-3jhx-xvhq fix available via `npm audit fix` node_modules/underscore nomnom >=1.6.0 Depends on vulnerable versions of underscore node_modules/nomnom 2 high severity vulnerabilities To address all issues, run: npm audit fix

christopherwood mentioned this pull request Jul 12, 2022

Arbitrary code execution vulnerability affecting underscore package #133

Open

sklawren mentioned this pull request Jul 21, 2022

High Severity Dependency godaddy/eslint-plugin-i18n-json#55

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

avoid arbitrary code execution in "underscore" dependency #141

avoid arbitrary code execution in "underscore" dependency #141

christopherwood commented Jul 12, 2022

avoid arbitrary code execution in "underscore" dependency #141

Are you sure you want to change the base?

avoid arbitrary code execution in "underscore" dependency #141

Conversation

christopherwood commented Jul 12, 2022