[Snyk: High] Command Injection (due 3/19/21) #4766

lbeaufort · 2021-02-17T17:19:11Z

Command Injection

Vulnerable module: lodash
Introduced through: [email protected]
Exploit maturity: Proof of concept
Detailed paths
Introduced through: [email protected] › [email protected] › [email protected]
Remediation: No remediation path available.
Introduced through: [email protected] › [email protected] › [email protected] › [email protected]
Remediation: No remediation path available.
Introduced through: [email protected] › [email protected] › [email protected] › [email protected]
Remediation: No remediation path available but possible PR in progress: lodash/lodash#5085

Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.

Affected versions of this package are vulnerable to Command Injection via template.

Completion criteria:

Determine whether this is necessary work and make recommendations as necessary to address

The text was updated successfully, but these errors were encountered:

lbeaufort added the Security: high Remediate within 30 days label Feb 17, 2021

lbeaufort added this to the Sprint 14.1 milestone Feb 17, 2021

lbeaufort mentioned this issue Feb 17, 2021

Check logs Sprint 13 innovation#2 - week 4 (2/17) #4749

Closed

1 task

JonellaCulmer assigned rfultz Feb 23, 2021

rfultz mentioned this issue Feb 24, 2021

4766 bump lodash 4.17.20 > 4.17.21 #4782

Merged

patphongs mentioned this issue Feb 24, 2021

Check logs sprint 14.1 - week 1 (2/24) #4768

Closed

lbeaufort closed this as completed in #4782 Feb 26, 2021

patphongs mentioned this issue Feb 29, 2024

Epic: Stability and reliability fecgov/fec-epics#137

Open

Provide feedback