Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical Vulnerable module - underscore module #53

Open
udhayamoorthys opened this issue Oct 19, 2022 · 3 comments
Open

Critical Vulnerable module - underscore module #53

udhayamoorthys opened this issue Oct 19, 2022 · 3 comments

Comments

@udhayamoorthys
Copy link

Critical Arbitrary Code Execution in underscore
Package underscore
Patched in >=1.12.1
Dependency of json-sql

run npm audit
@lbeschastny
Copy link

If I remember correctly, only _.template is affected by this vulnerability.

So, json-sql should not be actually affected in any way.

@lbeschastny
Copy link

Bumping underscore is still a good idea, though

@santhoshreddytirumuru
Copy link

There is a pull request with potential fix for this
#51

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lbeschastny @santhoshreddytirumuru @udhayamoorthys