elastic-builder icon indicating copy to clipboard operation
elastic-builder copied to clipboard

Published 20 hours ago verified publisher icon sudo-suhas

Vulnerability in old lodash dependencies.

Open vijaykerure opened this issue 1 year ago • 1 comments

I am using the most recent version of Elastic Builder, and following a vulnerability scan, we discovered a couple Lodash modules with critical vulnerabilities.

Vulnerable versions:

  1. lodash.head: 4.0.1
  2. lodash.isstring: 4.0.1

vulnerability

vijaykerure avatar Apr 05 '24 07:04 vijaykerure

There is no newer version - https://www.npmjs.com/package/lodash.head, https://www.npmjs.com/package/lodash.isstring

PR to eliminate use of those packages is welcome.

sudo-suhas avatar Apr 14 '24 14:04 sudo-suhas