jshs2

Vulnerable version of lodash

Open • dylanfprice opened this issue 3 years ago • 1 comment

Our vulnerability scanner found these while scanning the cube.js Docker image. Here is a list of CVEs affecting lodash 3.10.1:

  • CVE-2019-10744
  • CVE-2021-23337
  • CVE-2018-16487
  • CVE-2019-1010266
  • CVE-2020-28500
  • CVE-2020-8203
  • CVE-2018-3721

dylanfprice, May 06 '21 16:05

Hey @dylanfprice, we're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We created a lodash version that's vulnerability-free. As with all of our patches, it's open-source and available for free.

If relevant, check out our GitHub repo if you wish to learn more, or start using our app.

Please feel free to reach us at [email protected] if you have any requests/questions.

levpachmanov, Dec 10 '23 16:12