WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #8

mend-bolt-for-github · 2018-12-07T12:44:05Z

WS-2018-0210 - Low Severity Vulnerability

Vulnerable Library - lodash-4.17.5.tgz

Lodash modular utilities.

path: /tmp/git/listo-firebase/firebase/functions/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz

Dependency Hierarchy:

firebase-functions-0.5.9.tgz (Root Library)
- ❌ lodash-4.17.5.tgz (Vulnerable Library)

Vulnerability Details

In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25

URL: WS-2018-0210

CVSS 2 Score Details (3.5)

Base Score Metrics not available

Suggested Fix

Type: Change files

Origin: lodash/lodash@90e6199

Release Date: 2018-08-31

Fix Resolution: Replace or update the following files: lodash.js, test.js

Step up your Open Source Security Game with WhiteSource here

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 7, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #8

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #8

mend-bolt-for-github bot commented Dec 7, 2018

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #8

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #8

Comments

mend-bolt-for-github bot commented Dec 7, 2018

WS-2018-0210 - Low Severity Vulnerability