Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32835

Upgrade underscore-min.js

    XMLWordPrintable

    Details

      Description

      Client reported the following CVE with underscore-min.js: https://nvd.nist.gov/vuln/detail/CVE-2021-23358
      It seems we use underscore-min.js version 1.3.3 in the nuxeo-rest-api-server module. Found at this location on a Nuxeo instance: nxserver/web/root.war/modules/org.nuxeo.ecm.platform.restapi.server/skin/resources/lib

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                npeacock Nicole Peacock
                Participants:
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: