Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore

Question

Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore

Shobha-Potti opened this issue 7 months ago · 0 comments

when I use this package react-bootstrap-table-next in create-react-app project.

when checking for vulnerabilities in the terminal

npm audit

I am encountering this error

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Arbitrary Code Execution in underscore │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ underscore │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.12.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-bootstrap-table-next │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-bootstrap-table-next > underscore │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-cf4h-3jhx-xvhq
├───────────────┼───────────────────────────────────────