[WEBUI-1515] [LODASH] CVE-2019-10744 | CWE-1321 - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Web UI

Epic Link:
[May 2024] Security fixes for Web UI third-party libraries
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-12

Description

CVE-2019-10744 | CWE-1321

Severity : Very High

lodash is vulnerable to prototype pollution. The vulnerability exists due to the ability to inject properties in `_.defaultsDeep`, which allows DoS, and possibly other forms of attacks.

Module : loadash

nuxeo-web-ui.zip#zip:packages/nuxeo-designer-catalog/node_modules:lodash

Current Version : 3.10.1

Recommended Upgrade Version : 4.17.21

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2024-05-14-18-06-19-708.png
108 kB
2024-05-14 12:36

Activity

People

Assignee:

Unassigned

Reporter:

Madhur Kulshrestha

Participants:

Madhur Kulshrestha

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2024-05-14 12:14

Updated:

2024-10-24 08:02