resume-cli [DepShield] (CVSS 8.8) Vulnerability due to usage of underscore:1.6.0

[DepShield] (CVSS 8.8) Vulnerability due to usage of underscore:1.6.0

Open sonatype-depshield[bot] opened this issue 2 years ago • 0 comments

Vulnerabilities

DepShield reports that this application's usage of underscore:1.6.0 results in the following vulnerability(s):

(CVSS 8.8) CWE-94: Improper Control of Generation of Code ('Code Injection')
(CVSS 7.2) [CVE-2021-23358] The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before ...

Occurrences

underscore:1.6.0 is a transitive dependency introduced by the following direct dependency(s):

• jsonlint:1.6.3 └─ nomnom:1.8.1 └─ underscore:1.6.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Apr 20 '22 12:04 sonatype-depshield[bot]

resume-cli resume-cli copied to clipboard

[DepShield] (CVSS 8.8) Vulnerability due to usage of underscore:1.6.0

resume-cli
resume-cli copied to clipboard