New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade lodash to version 4.17.13 or later. #11992
Closed
toptalo opened this issue
Jul 15, 2019
· 4 comments
· Fixed by thinkwee/thinkwee.github.io#7, geo6/manager#42, geo6/mapper#61, WealthWizardsEngineering/version-service#7 or WealthWizardsEngineering/service-registry#6
Closed
Upgrade lodash to version 4.17.13 or later. #11992
toptalo opened this issue
Jul 15, 2019
· 4 comments
· Fixed by thinkwee/thinkwee.github.io#7, geo6/manager#42, geo6/mapper#61, WealthWizardsEngineering/version-service#7 or WealthWizardsEngineering/service-registry#6
Labels
archived due to age
This issue has been archived; please open a new issue for any further discussion
triage
An ESLint team member will look at this issue soon
Comments
eslint-deprecated
bot
added
the
triage
An ESLint team member will look at this issue soon
label
Jul 15, 2019
quetzaluz
added a commit
to quetzaluz/eslint
that referenced
this issue
Jul 15, 2019
quetzaluz
added a commit
to quetzaluz/eslint
that referenced
this issue
Jul 15, 2019
quetzaluz
added a commit
to quetzaluz/eslint
that referenced
this issue
Jul 15, 2019
quetzaluz
added a commit
to quetzaluz/eslint
that referenced
this issue
Jul 15, 2019
Issue in lodash filed at lodash/lodash#4348
❤️ |
ETA for a fresh NPM eslint release version, in order to publish this patch for regular users? |
@mcandre We usually release every 2 weeks on Friday or Saturday, with our next release being this week. You can look at issues with the "release" label to follow the next release in general (or see #11955 for this week's release specifically). |
This was referenced Aug 27, 2019
This was referenced Sep 12, 2019
This was referenced Nov 9, 2019
eslint-deprecated
bot
added
the
archived due to age
This issue has been archived; please open a new issue for any further discussion
label
Jan 13, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
archived due to age
This issue has been archived; please open a new issue for any further discussion
triage
An ESLint team member will look at this issue soon
CVE-2019-10744 More information
high severity
Vulnerable versions: < 4.17.13
Patched version: 4.17.13
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
The text was updated successfully, but these errors were encountered: