security: measure-text security vulnerability #4

Closed
matt-d-rat opened this issue Aug 19, 2019 · 0 comments

matt-d-rat commented Aug 19, 2019

Snyk identified a security vulnerability in an upstream dependency of measure-text@0.0.4, as noted by other users here: FormidableLabs/measure-text#5.

Prototype Pollution

  • Vulnerable module: lodash.merge
  • Introduced through: measure-text@0.0.4
  • Path: react-middle-truncate@1.0.0 › measure-text@0.0.4 › lodash.merge@4.6.1
  • CVE-2018-3721

The issue is still outstanding, so in the interim I will import the measure-text dependent code into the react-middle-truncate repo until this issue is resolved.

@matt-d-rat matt-d-rat added the security This issue concerns a security vulnerability label Aug 19, 2019
@matt-d-rat matt-d-rat self-assigned this Aug 19, 2019