CVE-2018-16487 High Severity Vulnerability detected by WhiteSource #50

mend-bolt-for-github · 2019-02-22T01:18:31Z

CVE-2018-16487 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.4.tgz

Lodash modular utilities.

path: /tmp/git/nthu-select-courses/node_modules/lodash/package.json

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz

Dependency Hierarchy:

babel-core-6.26.0.tgz (Root Library)
- ❌ lodash-4.17.4.tgz (Vulnerable Library)

Vulnerability Details

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Publish Date: 2019-02-01

URL: CVE-2018-16487

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487

Release Date: 2019-02-01

Fix Resolution: 4.17.11

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Feb 22, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2018-16487 High Severity Vulnerability detected by WhiteSource #50

CVE-2018-16487 High Severity Vulnerability detected by WhiteSource #50

mend-bolt-for-github bot commented Feb 22, 2019

CVE-2018-16487 High Severity Vulnerability detected by WhiteSource #50

CVE-2018-16487 High Severity Vulnerability detected by WhiteSource #50

Comments

mend-bolt-for-github bot commented Feb 22, 2019

CVE-2018-16487 - High Severity Vulnerability