This repository has been archived by the owner on Apr 11, 2023. It is now read-only.
Upgrade Vulnerable Library: underscore (npm) from >= 1.3.2 and 1.12.1 to 1.12.1 #356
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
The text was updated successfully, but these errors were encountered: