WS-2020-0070 (High) detected in lodash-4.17.15.tgz #3

mend-bolt-for-github · 2020-05-10T13:04:10Z

WS-2020-0070 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.15.tgz

Lodash modular utilities.

Path to dependency file: /tmp/ws-scm/csv-parser/package.json

Path to vulnerable library: /tmp/ws-scm/csv-parser/node_modules/lodash/package.json

Dependency Hierarchy:

jest-26.0.1.tgz (Root Library)
- core-26.0.1.tgz
  - transform-26.0.1.tgz
    - core-7.9.6.tgz
      - ❌ lodash-4.17.15.tgz (Vulnerable Library)

Vulnerability Details

a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype

Publish Date: 2020-04-28

CVSS 3 Score Details (7.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: N/A
- Attack Complexity: N/A
- Privileges Required: N/A
- User Interaction: N/A
- Scope: N/A
Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

vaibhavarora14 · 2020-05-10T13:19:31Z

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label May 10, 2020