HIGH SEVERITY vulnerability issue , Vulnerable module: lodash.template

oblador / react-native-vector-icons

Customizable Icons for React Native with support for image source and full styling.

https://oblador.github.io/react-native-vector-icons/

MIT License

17.31k stars 2.12k forks source link

HIGH SEVERITY vulnerability issue , Vulnerable module: lodash.template #1402

Closed Udith-Murali closed 2 years ago

Udith-Murali commented 2 years ago

HIGH SEVERITY vulnerability issue Command Injection Vulnerable module: lodash.template Introduced through: lodash.template@4.5.0 Detailed paths Introduced through: react-native-vector-icons@9.0.0 › lodash.template@4.5.0 Overview lodash.template is a The Lodash method _.template exported as a Node.js module.

Affected versions of this package are vulnerable to Command Injection via template

Hoping a fix asap in the upcoming version.

RichardLindhout commented 2 years ago

It's not a runtime dep, so no real security issue

oblador commented 2 years ago

Fixed in 9.1.0