[WEBUI-1518] [LODASH] CVE-2018-3721 | CWE-1321 - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Web UI

Epic Link:
[May 2024] Security fixes for Web UI third-party libraries
Tags:
- nxui
- nxui-triaged
Sprint:
UI - 2024-12

Description

CVE-2018-3721 | CWE-1321

Severity : Medium

lodash is vulnerable to prototype pollution attacks. Attackers can add or modify existing properties relating to an Object by using the utilities function to change the prototype of said Object. Using this flaw, attackers can trigger denial of service (DoS) attacks and in some situations remote code execution(RCE) attacks.

Module : loadash

nuxeo-web-ui.zip#zip:packages/nuxeo-designer-catalog/node_modules:lodash

Current Version : 3.10.1

Recommended Upgrade Version : 4.17.21

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2024-05-14-18-20-01-833.png
108 kB
2024-05-14 12:50

Activity

People

Assignee:

Unassigned

Reporter:

Madhur Kulshrestha

Participants:

Madhur Kulshrestha

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2024-05-14 12:18

Updated:

2024-10-24 08:02