Vulnerable Libraries - lodash.template-3.6.2.tgz, lodash-1.0.2.tgz, lodash-3.10.1.tgz, lodash-2.4.2.tgz
lodash.template-3.6.2.tgz
The modern build of lodashโs `_.template` as a module.
Library home page: https://registry.npmjs.org/lodash.template/-/lodash.template-3.6.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/lodash.template/package.json
Dependency Hierarchy:
- gulp-util-3.0.8.tgz (Root Library)
- โ lodash.template-3.6.2.tgz (Vulnerable Library)
lodash-1.0.2.tgz
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-1.0.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/globule/node_modules/lodash/package.json
Dependency Hierarchy:
- gulp-imagemin-2.3.0.tgz (Root Library)
- imagemin-3.2.2.tgz
- vinyl-fs-1.0.0.tgz
- glob-watcher-0.0.8.tgz
- gaze-0.5.2.tgz
- globule-0.1.0.tgz
- โ lodash-1.0.2.tgz (Vulnerable Library)
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/babel-plugin-proto-to-assign/node_modules/lodash/package.json,/node_modules/jscs/node_modules/lodash/package.json,/node_modules/jsdoctypeparser/node_modules/lodash/package.json,/node_modules/babel-core/node_modules/lodash/package.json,/node_modules/xmlbuilder/node_modules/lodash/package.json,/node_modules/rcloader/node_modules/lodash/package.json,/node_modules/karma/node_modules/lodash/package.json
Dependency Hierarchy:
- karma-0.13.22.tgz (Root Library)
- โ lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/plato/node_modules/lodash/package.json,/node_modules/gulp-jshint/node_modules/lodash/package.json
Dependency Hierarchy:
- gulp-jshint-1.7.1.tgz (Root Library)
- โ lodash-2.4.2.tgz (Vulnerable Library)
Found in HEAD commit: 08899f1309d1849e98e0cc7dce1131a96b55f0e8
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-26
Fix Resolution (lodash): 4.5.0
Direct dependency fix Resolution (gulp-imagemin): 2.4.0
Fix Resolution (lodash): 4.5.0
Direct dependency fix Resolution (karma): 2.0.0
Fix Resolution (lodash): 4.5.0
Direct dependency fix Resolution (gulp-jshint): 2.0.1