Vulnerable Libraries - lodash-4.17.20.tgz, lodash-3.10.1.tgz, lodash-2.4.2.tgz, lodash-0.9.2.tgz
lodash-4.17.20.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: /src/Scripts/lib/jquery-ui-1.12.1/package.json
Path to vulnerable library: /src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-contrib-uglify/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/jshint/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-contrib-uglify/node_modules/lodash/package.json,/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/jshint/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-contrib-jshint-0.12.0.tgz (Root Library)
- jshint-2.9.7.tgz
- ❌ lodash-4.17.20.tgz (Vulnerable Library)
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /src/Scripts/lib/jquery-ui-1.12.1/package.json
Path to vulnerable library: /src/Scripts/lib/jquery-ui-1.12.1/node_modules/babel-core/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-bowercopy/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-contrib-csslint/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-bowercopy/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/jsdoctypeparser/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/xmlbuilder/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/babel-plugin-proto-to-assign/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/babel-plugin-proto-to-assign/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-jscs/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-jscs/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/xmlbuilder/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/babel-core/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/jsdoctypeparser/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-contrib-csslint-0.5.0.tgz (Root Library)
- ❌ lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /src/Scripts/lib/jquery-ui-1.12.1/package.json
Path to vulnerable library: /src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-legacy-log-utils/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-legacy-log-utils/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/findup-sync/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-legacy-log/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/findup-sync/node_modules/lodash/package.json,/release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/grunt-legacy-log/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-0.4.5.tgz (Root Library)
- grunt-legacy-log-0.1.3.tgz
- ❌ lodash-2.4.2.tgz (Vulnerable Library)
lodash-0.9.2.tgz
A utility library delivering consistency, customization, performance, and extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-0.9.2.tgz
Path to dependency file: /release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/package.json
Path to vulnerable library: /release/1.8.1/src/Scripts/lib/jquery-ui-1.12.1/node_modules/lodash/package.json,/src/Scripts/lib/jquery-ui-1.12.1/node_modules/lodash/package.json
Dependency Hierarchy:
- grunt-0.4.5.tgz (Root Library)
- ❌ lodash-0.9.2.tgz (Vulnerable Library)
Found in base branch: fixVersionHistory-gh
Suggested Fix
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (grunt-contrib-jshint): 1.0.0
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (grunt-contrib-csslint): 2.0.0
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (grunt): 1.0.3
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (grunt): 1.0.3