You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current release has a lodash dependency set to a fixed version. This version of lodash seems have a high severity security vulnerability.
lodash should be updated to fix the reported vulnerability.
CVE-2019-10744
More information
high severity
Vulnerable versions: < 4.17.13
Patched version: 4.17.13
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
The text was updated successfully, but these errors were encountered:
The current release has a
lodash
dependency set to a fixed version. This version oflodash
seems have a high severity security vulnerability.lodash
should be updated to fix the reported vulnerability.CVE-2019-10744
More information
high severity
Vulnerable versions: < 4.17.13
Patched version: 4.17.13
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
The text was updated successfully, but these errors were encountered: