- Type: Bug
- Status: Open
- Priority: Minor
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: Web UI
- Tags:
- Sprint: UI - 2024-11
CVE-2018-3721 | CWE-1321
Severity: Medium
lodash is vulnerable to prototype pollution attacks. Attackers can add or modify properties of an Object by using the library's utility functions to change that Object's prototype. Using this flaw, attackers can trigger denial of service (DoS) attacks and, in some situations, remote code execution (RCE) attacks.
Module: lodash
nuxeo-web-ui.zip#zip:packages/nuxeo-designer-catalog/node_modules:lodash
Current Version: 3.10.1
Recommended Upgrade Version: 4.17.21