peterolson / BigInteger.js

An arbitrary length integer library for Javascript
The Unlicense
1.12k stars 187 forks

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') #218

Closed love89music closed 2 years ago

love89music commented 2 years ago

Hi team,

Will we have a plan to fix this in the future? https://ossindex.sonatype.org/vulnerability/afbfcdda-fd2d-42b6-aa10-bf8343466d99?component-type=npm&component-name=big-integer

Thank you

attritionorg commented 2 years ago

https://github.com/peterolson/BigInteger.js/issues/216

love89music commented 2 years ago

Hi Team,

If the team can specify the lodash version as "lodash": "^4.17.21", we can fix the current issue.

Thanks.

peterolson commented 2 years ago

Fixed by #219