react-bootstrap-table2 icon indicating copy to clipboard operation
react-bootstrap-table2 copied to clipboard

Published 20 hours ago verified publisher icon react-bootstrap-table

underscore version needs update

Open suhailtajshaik opened this issue 3 years ago • 0 comments

Describe the bug The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

To Reproduce Steps to reproduce the behavior:

  1. npm install, installs "underscore": "1.9.1". Please help in updating the version of underscore to 1.13.6

suhailtajshaik avatar Oct 10 '22 19:10 suhailtajshaik