We are facing the Black Duck scan security issue below with the lowdb package.
Please check the screenshot and issue details below and kindly suggest a solution or next steps.
CVE-2021-41720
Description: DISPUTED. A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor's position is that it's the developer's responsibility to ensure that a template does not evaluate code that originates from untrusted input.