Multiple NPM packages contain security vulnerabilities 

The currently used version contains these vulnerabilities according to WhiteSource
1. 

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
--


2.
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Required solution:
Up[grade Lodash to v4.17.12

https://github.com/naturalatlas/tilestrata-mapnik/blob/81770a09e9cdc4aa3024819fde1cdd8de8179e9e/package.json#L26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Multiple NPM packages contain security vulnerabilities #10

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Multiple NPM packages contain security vulnerabilities #10

Description

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions