CVE-2021-23358 - Githubissues

dchester / jsonpath

Query and manipulate JavaScript objects with JSONPath expressions. Robust JSONPath engine for Node.js.

MIT License

1.35k stars 216 forks source link

Closed wickedest closed 3 years ago

wickedest commented 3 years ago

There is CVE-2021-23358 with underscore, which is pinned at "1.7.0". Fixed in 1.12.1. https://github.com/jashkenas/underscore/issues/2915

dchester commented 3 years ago

Fixed in version 1.1.1

j0k3r commented 3 years ago

Thanks for the release. But the tag wasn't created on GitHub.