CraZySacX / node-jdbc

JDBC Wrapper for node.js
140 stars, 106 forks

There are fatal vulnerabilities in the lodash software that jdbc indirectly depends on. #217

Open fengnian7 opened 3 years ago

fengnian7 commented 3 years ago

Hi, I have some questions to ask. In version 0.6.3 of jdbc, there are fatal vulnerabilities in version 4.17.5 of lodash, which is pulled in under java (which jdbc directly depends on) and under async of java. The two fatal vulnerabilities are CVE-2019-10744 and CVE-2020-36242 in version 4.17.5 of lodash. Do you have a plan to solve the vulnerabilities of lodash in the next version of jdbc? Thanks.

CraZySacX commented 3 years ago

0.7.4 has been released back in January and lodash has been updated to 4.17.20.

fengnian7 commented 3 years ago

Thank you for your reply. The lodash 4.17.20 version still has the two vulnerabilities, but the 4.17.21 version does not.
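A dependency-tree check illustrating the kind of audit this thread is about, as an added example that is not part of the node-jdbc project: it walks a nested `dependencies` map (the shape of `npm ls --json` output or a v1 package-lock.json), reports every copy of lodash older than 4.17.21 (the version the reporter states no longer has the two issues) and prints the path that pulls each one in. The tree below is constructed; the java and async version numbers in it are placeholders, only the jdbc and lodash versions come from the thread.

```javascript
// Added example, not node-jdbc code. Finds transitive copies of a package
// that are older than the version in which a fix shipped.

// Constructed sample tree: jdbc -> java -> lodash and jdbc -> async -> lodash.
// java/async versions are placeholders; jdbc/lodash versions are from the thread.
const sampleTree = {
  name: 'my-app',
  dependencies: {
    jdbc: {
      version: '0.6.3',
      dependencies: {
        java:  { version: '1.0.0', dependencies: { lodash: { version: '4.17.5' } } },
        async: { version: '1.0.0', dependencies: { lodash: { version: '4.17.20' } } },
      },
    },
    lodash: { version: '4.17.21' }, // top-level copy already at the fixed version
  },
};

// Parse "major.minor.patch" (any pre-release suffix after "-" is ignored).
function parseVersion(v) {
  return v.split('-')[0].split('.').map((n) => Number(n) || 0);
}

// true when version a is strictly older than version b
function isOlder(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Depth-first walk; every nested copy of `pkg` below `fixedIn` is a hit,
// reported with the dependency path that introduces it.
function findVulnerable(tree, pkg, fixedIn, path = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    if (name === pkg && isOlder(node.version, fixedIn)) {
      hits.push({ version: node.version, path: here.join(' > ') });
    }
    hits.push(...findVulnerable(node, pkg, fixedIn, here));
  }
  return hits;
}

for (const hit of findVulnerable(sampleTree, 'lodash', '4.17.21')) {
  console.log(`lodash ${hit.version} < 4.17.21 via ${hit.path}`);
}
```

Feeding it the real tree (`npm ls lodash --json`) tells you whether bumping jdbc alone is enough or whether a nested copy under java or async still needs an override.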