One low severity vulnerability caused by lodash

Node: v9.3.0 NPM: 6.1.0 React-native: 0.56.0 Native-base: 2.7.0

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ native-base                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ native-base > lodash                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 84357 scanned packages 
  1 vulnerability requires manual review. See the full report for details.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 17 (6 by maintainers)

Top GitHub Comments

1 reaction
m14t commented, Aug 8, 2018

Would it be possible to get a new release out with c737188? Thank you!

Top Results From Across the Web

i am getting a low severity vulnerability related to lodash ...
It means that the package has a known vulnerability in this case one with low severity. To clarify it is not related to...

lodash 4.17.4 vulnerabilities
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Security Bulletin: Vulnerability in Lodash affects ...
There is a vulnerability in Lodash that could allow an attacker to launch a DOS attack. The code is used by IBM Process...

Prototype Pollution in lodash - CVE-2020-8203
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of...

Lodash < 4.17.12 Prototype Pollution
According to its self-reported version number, Lodash is prior to 4.17.12. It is, therefore, affected by a prototype pollution vulnerability in the function ......
