cube icon indicating copy to clipboard operation
cube copied to clipboard
Published 2 months ago • verified publisher icon cube-js

CVE-2019-10744 in dependency

Open a-legrand opened this issue 8 months ago • 2 comments

Hello,

your package hive-driver is using jshs2 which is very old and uses version of lodash targeted in critical CVE-2019-10744

thank you for your product :) regards

a-legrand avatar Jun 04 '25 10:06 a-legrand

Hello @a-legrand ,

Thank you for submitting the issue. It's true, I did the PR - https://github.com/imjuni/jshs2/pull/23

on May 21, 2021

It's still not merged )))))

Thanks

ovr avatar Jun 04 '25 20:06 ovr

oh wow!

thank you for your reply :)

a-legrand avatar Jun 05 '25 05:06 a-legrand