Spartacus is a lean, Angular-based JavaScript storefront for SAP Commerce Cloud that communicates exclusively through the Commerce REST API.
Sec Alert. lodash.template. Increase Version to 4.5.0. Prototype Pollution #6288
Closed
giancorderoortiz closed 4 years ago
The following security alert has been raised by GitHub.
Alert: https://github.com/SAP/cloud-commerce-spartacus-storefront/network/alert/yarn.lock/lodash.template/open
Severity: critical-severity
Request: Upgrade lodash.template to version 4.5.0 or later
Motive: Affected versions of lodash are vulnerable to Prototype Pollution. See CVE-2019-10744 https://github.com/advisories/GHSA-jf85-cpcp-j695
Additional comments: If decision is to dismiss, please provide concrete justification for further assessment during peer review.
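
A check a maintainer could run against the lockfile named in the alert, as an added example that is not part of the original issue or the Spartacus code base. It assumes the Yarn v1 lockfile format; the function names and the sample lockfile are constructed for illustration.

```javascript
// Flag yarn.lock (v1 format) entries that resolve lodash.template below 4.5.0,
// the minimum version requested in the alert.
const MIN_FIXED = [4, 5, 0];

// Constructed sample lockfile, not taken from the Spartacus repository.
const SAMPLE_LOCK = [
  '# yarn lockfile v1',
  'lodash.template@^4.0.2, lodash.template@^4.4.0:',
  '  version "4.4.0"',
  '  dependencies:',
  '    lodash._reinterpolate "~3.0.0"',
  '',
  '"lodash.templatesettings@^4.0.0":',
  '  version "4.1.0"',
  '',
  'lodash.template@^4.5.0:',
  '  version "4.5.0"',
].join('\n');

// Numeric x.y.z comparison; prerelease/build suffixes are ignored (assumption).
function isBelow(version, min) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const a = parts[i] || 0;
    if (a !== min[i]) return a < min[i];
  }
  return false;
}

// Returns one finding per lockfile entry of `pkg` resolved below `min`.
function findVulnerable(lockText, pkg = 'lodash.template', min = MIN_FIXED) {
  const findings = [];
  let specs = [];
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line) && !line.startsWith('#')) {
      // Entry header: one or more comma-separated "name@range" specifiers.
      specs = line.slice(0, -1).split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''))
        .filter((s) => s.slice(0, s.lastIndexOf('@')) === pkg);
      continue;
    }
    // Only the entry's own version line (two-space indent) is considered.
    const m = /^  version "([^"]+)"$/.exec(line);
    if (m && specs.length > 0 && isBelow(m[1], min)) {
      findings.push({ requestedAs: specs, resolved: m[1] });
    }
  }
  return findings;
}

console.log(findVulnerable(SAMPLE_LOCK));
```

Each finding lists the ranges that dependents requested, which shows whether a direct upgrade is enough or a transitive dependency still pins the older range.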