WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #17

mend-bolt-for-github · 2018-12-19T10:18:28Z

WS-2018-0210 - Low Severity Vulnerability

Vulnerable Library - lodash-4.17.4.tgz

Lodash modular utilities.

path: /vanity.osweekends.com/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz

Dependency Hierarchy:

❌ lodash-4.17.4.tgz (Vulnerable Library)

Found in HEAD commit: 691886f63bb7cb5f6d3649490625c420a62105ef

Vulnerability Details

In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25

URL: WS-2018-0210

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: lodash/lodash@90e6199

Release Date: 2018-08-31

Fix Resolution: Replace or update the following files: lodash.js, test.js

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 19, 2018

UlisesGascon self-assigned this Dec 19, 2018

UlisesGascon added the 🐛 bug Something isn't working label Dec 19, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #17

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #17

mend-bolt-for-github bot commented Dec 19, 2018

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #17

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #17

Comments

mend-bolt-for-github bot commented Dec 19, 2018

WS-2018-0210 - Low Severity Vulnerability