Critical CVE-2019-10744 in lodash version 3.10.1  #235

@nishant95

request-promise adds old version (3.10.1) of lodash as a transitive dependency which has a CRITICAL CVE-2019-10744.

Dependency Tree:

.
.
├─ request-promise@1.0.2
│    ├── bluebird@2.11.0
│    ├─┬ cls-bluebird@1.1.3
│    │ ├── is-bluebird@1.0.2
│    │ └── shimmer@1.2.1
│    ├── lodash@3.10.1
│    └── request@2.88.2
.
.

Also, there are some HIGH CVEs as well.
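
The transitive path reported above can be located mechanically. The following is an added example, not code from the issue or from request-promise: it walks a tree in the shape `npm ls --json` produces (constructed here to mirror the issue's tree, with a hypothetical root project) and lists every path to a lodash version below 4.17.12, the release that fixed CVE-2019-10744 (a threshold not stated in the issue).

```javascript
// Constructed sample mirroring the tree in the issue, in the shape that
// `npm ls --json` emits: name -> { version, dependencies }.
const sampleTree = {
  name: "app", // hypothetical root project
  version: "1.0.0",
  dependencies: {
    "request-promise": {
      version: "1.0.2",
      dependencies: {
        bluebird: { version: "2.11.0" },
        "cls-bluebird": {
          version: "1.1.3",
          dependencies: {
            "is-bluebird": { version: "1.0.2" },
            shimmer: { version: "1.2.1" },
          },
        },
        lodash: { version: "3.10.1" },
        request: { version: "2.88.2" },
      },
    },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function lessThan(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// Return every dependency path that ends at `pkg` with a version below `fixed`.
function findVulnerablePaths(node, pkg, fixed, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${name}@${dep.version}`];
    if (name === pkg && dep.version && lessThan(dep.version, fixed)) hits.push(path.join(" > "));
    hits.push(...findVulnerablePaths(dep, pkg, fixed, path));
  }
  return hits;
}

console.log(findVulnerablePaths(sampleTree, "lodash", "4.17.12"));
```

Each returned path names the direct dependency that has to be upgraded, replaced or overridden to move lodash past the fixed release.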
