CSNW / sql-bricks

Transparent, Schemaless SQL Generation
http://csnw.github.io/sql-bricks
MIT License

Npm Audit - Arbitrary Code Execution - underscore #126

Closed talha-aftab closed 3 years ago

talha-aftab commented 3 years ago

npm audit

underscore  1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution - https://npmjs.com/advisories/1674
No fix available
node_modules/underscore
  sql-bricks  *
  Depends on vulnerable versions of underscore
  node_modules/sql-bricks

Solution: bump underscore to 1.13.1

"dependencies": { "underscore": "^1.13.1" },

prust commented 3 years ago

Thanks for reporting! This was addressed by @pgarrison in #127, closing.
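
A lockfile check for the range reported in the audit output in this issue, as an added example that is not part of the thread or of sql-bricks: it reports every resolved copy of underscore, nested ones included, whose version lies in 1.3.2 - 1.12.0. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not sql-bricks code). Range bounds come from the audit output.
const VULN_MIN = [1, 3, 2];
const VULN_MAX = [1, 12, 0];

// Parse "major.minor.patch"; a prerelease suffix is ignored (conservative).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, VULN_MIN) >= 0 && compare(v, VULN_MAX) <= 0;
}

// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 only has a nested "dependencies" tree.
function findVulnerableUnderscore(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/underscore') && isVulnerable(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + name;
      if (name === 'underscore' && isVulnerable(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: the top-level copy is bumped, a nested copy is still old.
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  underscore: { version: '1.13.1' },
  'sql-bricks': { version: '0.0.0-sample',
    dependencies: { underscore: { version: '1.8.3' } } } } };
```

Pass it the parsed contents of `package-lock.json`; an empty result means no resolved copy of underscore is inside the reported range.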