-
Type: Bug
-
Status: Resolved
-
Priority: Major
-
Resolution: Won't Do
-
Affects Version/s: 2021, 2023.15
-
Component/s: Distribution / Installers
-
Upgrade notes:
Client reported the following CVE with underscore-min.js: https://nvd.nist.gov/vuln/detail/CVE-2021-23358
It seems we use underscore-min.js version 1.3.3 in the nuxeo-rest-api-server module. Found at this location on a Nuxeo instance: nxserver/web/root.war/modules/org.nuxeo.ecm.platform.restapi.server/skin/resources/lib