Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore #1817

New issue

Open

Assignees

AllenFang

@Shobha-Potti

Description

@Shobha-Potti

Shobha-Potti

opened

on Apr 22, 2024

when I use this package react-bootstrap-table-next in create-react-app project.

when checking for vulnerabilities in the terminal

npm audit

I am encountering this error

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Arbitrary Code Execution in underscore │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ underscore │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.12.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-bootstrap-table-next │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-bootstrap-table-next > underscore │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-cf4h-3jhx-xvhq
├───────────────┼───────────────────────────────────────

Metadata

Assignees

@AllenFang
AllenFang

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Dependency Underscore -1.9.1 has CRITICAL Vulnerability - Arbitrary Code Execution in underscore which has patched in >=1.12.1 versions of underscore #1817

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions