Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Lodash prototype pollution vulnerability #437

Open
vidhyadharmaraj opened this issue Aug 21, 2019 · 1 comment
Open

Lodash prototype pollution vulnerability #437

vidhyadharmaraj opened this issue Aug 21, 2019 · 1 comment

Comments

@vidhyadharmaraj
Copy link

https://snyk.io/blog/snyk-research-team-discovers-severe-prototype-pollution-security-vulnerabilities-affecting-all-versions-of-lodash/

It seems the last version of grunt-ts requires the following package(s):
csproj2ts inturn using vulnerable lodash version 4.17.4

Unfortunately, these packages have a dependency of lodash. https://snyk.io/vuln/npm:lodash fixed at version 4.17.12.

I'm just creating the issue to notify this fact and request a dependency update when the related packages are updated.
@nycdotnet
Copy link
Contributor

Thanks.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nycdotnet @vidhyadharmaraj