react-bootstrap-table2 Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore

Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore

Open Shobha-Potti opened this issue 1 year ago • 0 comments

when I use this package react-bootstrap-table-next in create-react-app project.

when checking for vulnerabilities in the terminal

npm audit

I am encountering this error

┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Critical │ Arbitrary Code Execution in underscore │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ underscore │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=1.12.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ react-bootstrap-table-next │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ react-bootstrap-table-next > underscore │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://github.com/advisories/GHSA-cf4h-3jhx-xvhq ├───────────────┼───────────────────────────────────────

Apr 22 '24 13:04 Shobha-Potti

react-bootstrap-table2 react-bootstrap-table2 copied to clipboard

Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore

react-bootstrap-table2
react-bootstrap-table2 copied to clipboard