protoEvangelion / portfolio

Gatsby blog + portfolio
https://iamrhino.com
2 stars 2 forks source link

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #61

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 5 years ago

WS-2018-0210 - Low Severity Vulnerability

Vulnerable Library - lodash-4.17.5.tgz

Lodash modular utilities.

path: /portfolio/node_modules/gatsby-remark-relative-images/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz

Dependency Hierarchy: - :x: **lodash-4.17.5.tgz** (Vulnerable Library)

Found in HEAD commit: e5ebdb9ba4b4baae51e825b062db4d5f9604f5f7

Vulnerability Details

In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25

URL: WS-2018-0210

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad

Release Date: 2018-08-31

Fix Resolution: Replace or update the following files: lodash.js, test.js


Step up your Open Source Security Game with WhiteSource here