Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lodash included in ACS AEM Commons has vulnerability #3110

Closed
3 tasks done
davidjgonzalez opened this issue May 18, 2023 · 2 comments
Closed
3 tasks done

Lodash included in ACS AEM Commons has vulnerability #3110

davidjgonzalez opened this issue May 18, 2023 · 2 comments
Assignees
@davidjgonzalez
Labels
technical enhancement

Comments

@davidjgonzalez
Copy link
Contributor

Required Information

  • AEM Version, including Service Packs, Cumulative Fix Packs, etc: N/A
  • ACS AEM Commons Version: 6.0.8
  • Reproducible on Latest? yes

Expected Behavior

Lodash v2 has a CVE-2021-23337 vulnerability. Update to version v4 of that does not have this vulnerability.
@davidjgonzalez davidjgonzalez self-assigned this May 18, 2023
davidjgonzalez added a commit to davidjgonzalez/acs-aem-commons that referenced this issue May 18, 2023
@davidjgonzalez
Adobe-Consulting-Services#3110 - Update lodash to 4.17.21 for fix GHS…
17da292 
…A-35jh-r3h4-6jhm
davidjgonzalez added a commit that referenced this issue Jun 2, 2023
@davidjgonzalez
#3110 - Update lodash to 4.17.21 for fix GHSA-35jh-r3h4-6jhm (#3111)
750ee06
@davidjgonzalez
Copy link
Contributor Author

Updated lodash to 4.17.21

@henrykuijpers
Copy link
Contributor

@davidjgonzalez It seems that lodash was updated to 4.17.15, instead of 4.17.21.

@henrykuijpers henrykuijpers mentioned this issue Jan 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@davidjgonzalez davidjgonzalez

Labels
technical enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@davidjgonzalez @henrykuijpers