Closed marcelomatz closed 2 years ago
Hello everyone. I identified that this repository uses Lodash in a version that has a security vulnerability.
Here is more information about this vulnerability: https://app.snyk.io/vuln/SNYK-JS-LODASH-1040724
In the Lodash repository there is a commit that talks about: Prevent command injection through _.template's variable option https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
I think that this vulnerability could jeopardize some applications that are using the NextJS Portfolio Starter.
I don't see that value being used in the lockfile for the latest dependency upgrade 👍
https://github.com/vercel/nextjs-portfolio-starter/pull/9
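As an added example (not code from lodash or from this repository), here is a defence-in-depth guard for applications that forward a caller-supplied `variable` option to `_.template`: it accepts only a plain identifier. The names `checkTemplateOptions`, `guardedTemplate` and `recordingCompile` are hypothetical, and the inputs are constructed.

```javascript
// Added example (not lodash's code): allowlist guard for the `variable`
// option before it reaches a template compiler such as _.template.

// A plain ASCII JavaScript identifier: no spaces, brackets, commas, '=' etc.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Words that must not be used as a binding name (a subset; assumption: enough
// for typical option values such as "data" or "ctx").
const RESERVED = new Set(['arguments', 'eval', 'this', 'function', 'return',
  'var', 'let', 'const', 'new', 'delete', 'typeof', 'void', 'with', 'yield']);

// Hypothetical helper: returns a copy of `options` that is safe to forward,
// or throws if `variable` is anything other than a simple identifier.
function checkTemplateOptions(options = {}) {
  const { variable } = options;
  if (variable === undefined) return { ...options };
  if (typeof variable !== 'string' ||
      !IDENTIFIER.test(variable) ||
      RESERVED.has(variable)) {
    throw new TypeError('Rejected `variable` option: not a plain identifier');
  }
  return { ...options, variable };
}

// Hypothetical wrapper: `compile` is the template function the application
// already uses (for example _.template), injected so this runs offline.
function guardedTemplate(compile, text, options) {
  return compile(text, checkTemplateOptions(options));
}

// Constructed stand-in compiler that only records what it was given.
function recordingCompile(text, options) {
  return { text, variable: options.variable };
}

// Constructed inputs: two ordinary names, then values that are not identifiers.
function demo() {
  const inputs = ['data', 'ctx_1', 'a, b', 'x = 1', 'obj.prop', '', 42, 'eval'];
  return inputs.map((v) => {
    try {
      guardedTemplate(recordingCompile, '<%= data.name %>', { variable: v });
      return 'accepted';
    } catch (e) {
      return 'rejected';
    }
  });
}
```

The guard complements upgrading the dependency; it does not replace checking which lodash version the lockfile resolves.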