Closed mend-for-github-com[bot] closed 4 years ago
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /TCSTK-custom-form-app-plugin/package.json
Path to vulnerable library: /tmp/git/TCSTK-custom-form-app-plugin/node_modules/lodash/package.json
Dependency Hierarchy: - custom-webpack-8.0.2.tgz (Root Library) - :x: **lodash-4.17.11.tgz** (Vulnerable Library)
Found in HEAD commit: 6e4e533bc149e5cd444bc4f9846a1b8891635437
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/lodash/lodash/pull/4336/commits/a01e4fa727e7294cb7b2845570ba96b206926790
Release Date: 2019-07-08
Fix Resolution: 4.17.12
Updated to 4.17.19
CVE-2019-10744 - High Severity Vulnerability
Vulnerable Library - lodash-4.17.11.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /TCSTK-custom-form-app-plugin/package.json
Path to vulnerable library: /tmp/git/TCSTK-custom-form-app-plugin/node_modules/lodash/package.json
Dependency Hierarchy: - custom-webpack-8.0.2.tgz (Root Library) - :x: **lodash-4.17.11.tgz** (Vulnerable Library)
Found in HEAD commit: 6e4e533bc149e5cd444bc4f9846a1b8891635437
Vulnerability Details
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
CVSS 2 Score Details (7.4)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://github.com/lodash/lodash/pull/4336/commits/a01e4fa727e7294cb7b2845570ba96b206926790
Release Date: 2019-07-08
Fix Resolution: 4.17.12