lodash Vulnerability


Expected Behavior

yarn audit shouldn’t return any audit problems

Actual Behavior

yarn audit returns a High vulnerability. More info: https://www.npmjs.com/advisories/1065

Possible Solution

Upgrade lodash

Steps to Reproduce

  1. yarn audit / npm audit

Context

Currently breaks CI as we rely on audits

Environment

  • Node Version: v10.14.1
  • Package Manager Version: 6.4.1
  • Operating System: 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64
  • Package Version: 3.0.4

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 4
  • Comments: 7 (4 by maintainers)

Top GitHub Comments

1 reaction
michaeljqzq commented, Sep 16, 2019

@petercooperjr-spls Sorry, due to some issues in CI, the 3.0.5 publish failed. We just fixed this and published 3.0.5, please check.

1 reaction
msftbot[bot] commented, Sep 2, 2019

Thanks for working with Microsoft on GitHub! Tell us how you feel about your experience using the reactions on this comment.
