cofoundry-cms / cofoundry

Cofoundry is an extensible and flexible .NET Core CMS & application framework focusing on code first development
https://www.cofoundry.org
MIT License

Used package (Underscore@1.8.3) in Web Admin contains known vulnerabilities [Medium] #518

Closed rwolfdev closed 2 years ago

rwolfdev commented 2 years ago

The web admin package uses a third-party library (underscore@1.8.3) that has a known vulnerability. Reference: https://security.snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984

Updating this library to a newer version would increase security. The latest version of this package has no known security vulnerabilities at the moment (https://security.snyk.io/package/npm/underscore).

HeyJoel commented 2 years ago

The admin panel doesn't use the vulnerable templating feature, and so won't be affected, but I'll see about getting it updated so it doesn't come up in automated security checks.

HeyJoel commented 2 years ago

Fixed in 0.11.3