scriptex/AnimateMe

CVE-2019-10744 (High) detected in lodash-4.17.11.tgz

Closed this issue · 0 comments

mend-bolt-for-github commented

CVE-2019-10744 - High Severity Vulnerability

Vulnerable Library - lodash-4.17.11.tgz

Lodash modular utilities.

Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz

Path to dependency file: /AnimateMe/package.json

Path to vulnerable library: /tmp/git/AnimateMe/node_modules/lodash/package.json

Dependency Hierarchy:

  • @babel/cli-7.5.0.tgz (Root Library)
    • lodash-4.17.11.tgz (Vulnerable Library)

Found in HEAD commit: 122c18a40e27192676945bd05c469ea3a36baa7e

Vulnerability Details

A Prototype Pollution vulnerability was found in lodash through version 4.17.11.

Publish Date: 2019-07-08

URL: CVE-2019-10744

CVSS 2 Score Details (7.4)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: lodash/lodash@a01e4fa

Release Date: 2019-07-08

Fix Resolution: 4.17.12

Step up your Open Source Security Game with WhiteSource here