Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32835

Upgrade underscore-min.js

    XMLWordPrintable

    Details

      Description

      Client reported the following CVE with underscore-min.js: https://nvd.nist.gov/vuln/detail/CVE-2021-23358
      It seems we use underscore-min.js version 1.3.3 in the nuxeo-rest-api-server module. Found at this location on a Nuxeo instance: nxserver/web/root.war/modules/org.nuxeo.ecm.platform.restapi.server/skin/resources/lib

        Attachments

          Issue Links

          is related to

          Clean up - NXP-32841 Move Swagger Rest API and Automation doc to an optional marketplace

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. NXP-32822 Upgrade handlebars.js

          • Major - Major loss of function.
          • Resolved
          is required by

          Bug - A problem which impairs or prevents the functions of the product. NXP-32879 NUXEO API Documentation page did not display list of items

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                npeacock Nicole Peacock
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: