Vulnerable Libraries - lodash-2.4.2.tgz, lodash-3.10.1.tgz, lodash-0.9.2.tgz
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: Indecrypt-2/static/jquery-ui-1.12.1.custom/package.json
Path to vulnerable library: Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/grunt-legacy-log/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/findup-sync/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/grunt-legacy-log-utils/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-0.4.5.tgz (Root Library)
- findup-sync-0.1.3.tgz
- โ lodash-2.4.2.tgz (Vulnerable Library)
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: Indecrypt-2/static/jquery-ui-1.12.1.custom/package.json
Path to vulnerable library: Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/grunt-bowercopy/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/xmlbuilder/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/grunt-jscs/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/babel-plugin-proto-to-assign/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/babel-core/node_modules/lodash/package.json,Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/jsdoctypeparser/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-contrib-csslint-0.5.0.tgz (Root Library)
- โ lodash-3.10.1.tgz (Vulnerable Library)
lodash-0.9.2.tgz
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-0.9.2.tgz
Path to dependency file: Indecrypt-2/static/jquery-ui-1.12.1.custom/package.json
Path to vulnerable library: Indecrypt-2/static/jquery-ui-1.12.1.custom/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-0.4.5.tgz (Root Library)
- โ lodash-0.9.2.tgz (Vulnerable Library)
Found in HEAD commit: be5e35bc27ca92f0532d889bc304ace229cc56cc
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-08
Fix Resolution: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0