You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@johnnyporkchops@patphongs do you still see this listed as a vulnerability? Looks like develop is using lodash@4.17.21 which seems to have other vulnerabilities but not this one
Regular Expression Denial of Service (ReDoS)
Vulnerable module:
lodash
Introduced through:
swagger-tools@0.10.4
Exploit maturity: Proof of concept
Detailed paths
Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › lodash@4.17.20
Remediation: No remediation path available.
Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › async@2.6.3 › lodash@4.17.20
Remediation: No remediation path available.
Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › json-refs@3.0.15 › lodash@4.17.20
Remediation: No remediation path available.
…and 1 more
Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Investigate whether lodash@latest will address it?
The text was updated successfully, but these errors were encountered: