Skip to content

openbadge pulls in vulnerable module lodash - CVE-2021-23337 #7

New issue
New issue
Open
Open
openbadge pulls in vulnerable module lodash - CVE-2021-23337#7
@yahanvesh

Description

@yahanvesh
yahanvesh
opened on Apr 28, 2021

The latest lodash module which is not vulnerable is 4.17.21. For more on the vulnerability, please visit https://nvd.nist.gov/vuln/detail/CVE-2021-23337

Recommendation
Update the lodash module dependency to 4.17.21 or later

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions