
fix vulnerability in lodash

Open · jjaybrown opened this issue 6 years ago • 1 comment

Prototype Pollution
Vulnerable module: lodash
Introduced through: [email protected]

Detailed paths
Introduced through: @spherehq/[email protected] > [email protected] > [email protected] > [email protected]
Remediation: No remediation path available.

Vulnerable Functions
lodash.safeGet

Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.

Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to CVE-2018-3721.

jjaybrown · Jul 26 '19 16:07
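The advisory quoted above describes deep-merge helpers that follow attacker-controlled keys (`__proto__`, `constructor`) into `Object.prototype`. The following is an added illustration, not code from this issue, from lodash, or from graphql-cli-prepare: a deep merge that refuses to descend into those keys, plus a defender-side check that confirms `Object.prototype` gained no properties after merging an untrusted JSON document. All names (`safeMerge`, `mergeUntrusted`, `SAMPLE_INPUT`) are hypothetical and the sample input is constructed.

```javascript
// Added example, not from this issue, lodash, or graphql-cli-prepare.
// All names (safeMerge, mergeUntrusted, SAMPLE_INPUT) are hypothetical.

// Keys a deep merge must never descend into: following any of them lets a
// nested object be written onto Object.prototype instead of the target.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(value) {
  if (value === null || typeof value !== "object" || Array.isArray(value)) return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Recursively copies source's own enumerable keys into target, skipping the
// blocked keys and never writing through an inherited property of target.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const srcVal = source[key];
    if (isPlainObject(srcVal)) {
      const ownDst = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      target[key] = safeMerge(isPlainObject(ownDst) ? ownDst : {}, srcVal);
    } else {
      target[key] = srcVal;
    }
  }
  return target;
}

// Defender-side check: property names that appeared on Object.prototype
// since the baseline snapshot was taken.
function prototypeGainedKeys(baseline) {
  return Object.getOwnPropertyNames(Object.prototype).filter((k) => !baseline.includes(k));
}

// Merge a JSON document from an untrusted source and report any pollution.
// JSON.parse produces an *own* "__proto__" property (an object literal would
// not), which is exactly the shape a vulnerable merge would follow.
function mergeUntrusted(jsonText) {
  const baseline = Object.getOwnPropertyNames(Object.prototype);
  const result = safeMerge({}, JSON.parse(jsonText));
  return { result, leaked: prototypeGainedKeys(baseline) };
}

// Constructed sample: legitimate config fields plus a nested "__proto__" key.
const SAMPLE_INPUT = '{"name":"svc","limits":{"rate":10},"__proto__":{"isAdmin":true}}';

if (typeof require !== "undefined" && require.main === module) {
  const { result, leaked } = mergeUntrusted(SAMPLE_INPUT);
  console.log("merged:", result);
  console.log("Object.prototype gained:", leaked); // expect []
  console.log("({}).isAdmin:", ({}).isAdmin);      // expect undefined
}
```

The `prototypeGainedKeys` snapshot is the useful part for triage: wrapping an existing merge call with it in a test suite shows immediately whether the dependency in use still walks `__proto__` or `constructor.prototype`, independent of which lodash version the lockfile resolves.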

@schickling not sure whether this is something you could help with?

jjaybrown · Jul 29 '19 10:07