You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
there is a medium security vulnerability in a lodash function
Prototype Pollution
Vulnerable module: lodash
Introduced through: lodash@4.17.15 and csvtojson@2.0.10
Detailed paths
Introduced through: @mindconnect/mindconnect-nodejs@mindsphere/mindconnect-nodejs#c6084de5bad0303d94b9d2104ecc6e29d53e5798 › lodash@4.17.15
Remediation: Open PR to patch lodash@4.17.15.
Introduced through: @mindconnect/mindconnect-nodejs@mindsphere/mindconnect-nodejs#c6084de5bad0303d94b9d2104ecc6e29d53e5798 › csvtojson@2.0.10 › lodash@4.17.15
Remediation: Open PR to patch lodash@4.17.15.
Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.
Affected versions of this package are vulnerable to Prototype Pollution. The function zipObjectDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.
This function is not used by the library. We ill upgrade lodash once the new lodash version is released.
there is a medium security vulnerability in a lodash function
This function is not used by the library. We ill upgrade lodash once the new lodash version is released.
lodash/lodash#4759
The text was updated successfully, but these errors were encountered: