Vulnerable Libraries - lodash-3.10.1.tgz, lodash.mergewith-4.6.0.tgz, lodash.merge-4.6.0.tgz, lodash-2.4.2.tgz, lodash.defaultsdeep-4.6.0.tgz, lodash-es-4.17.4.tgz, lodash.template-3.6.2.tgz, lodash-4.17.4.tgz, lodash.template-4.4.0.tgz
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash/package.json
Dependency Hierarchy:
- ember-cli-favicon-1.0.0-beta.4.tgz (Root Library)
- broccoli-favicon-1.0.0.tgz
- favicons-4.8.6.tgz
- cheerio-0.19.0.tgz
- โ lodash-3.10.1.tgz (Vulnerable Library)
lodash.mergewith-4.6.0.tgz
The lodash method `_.mergeWith` exported as a module.
Library home page: https://registry.npmjs.org/lodash.mergewith/-/lodash.mergewith-4.6.0.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash.mergewith/package.json
Dependency Hierarchy:
- ember-cli-sass-6.0.0.tgz (Root Library)
- broccoli-sass-source-maps-2.0.0.tgz
- node-sass-4.5.3.tgz
- โ lodash.mergewith-4.6.0.tgz (Vulnerable Library)
lodash.merge-4.6.0.tgz
The lodash method `_.merge` exported as a module.
Library home page: https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.0.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash.merge/package.json
Dependency Hierarchy:
- ember-cli-uglify-1.2.0.tgz (Root Library)
- broccoli-uglify-sourcemap-1.5.2.tgz
- โ lodash.merge-4.6.0.tgz (Vulnerable Library)
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/merge-defaults/node_modules/lodash/package.json
Dependency Hierarchy:
- ember-cli-favicon-1.0.0-beta.4.tgz (Root Library)
- broccoli-favicon-1.0.0.tgz
- favicons-4.8.6.tgz
- merge-defaults-0.2.1.tgz
- โ lodash-2.4.2.tgz (Vulnerable Library)
lodash.defaultsdeep-4.6.0.tgz
The lodash method `_.defaultsDeep` exported as a module.
Library home page: https://registry.npmjs.org/lodash.defaultsdeep/-/lodash.defaultsdeep-4.6.0.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash.defaultsdeep/package.json
Dependency Hierarchy:
- ember-cli-eslint-4.1.0.tgz (Root Library)
- broccoli-lint-eslint-4.1.0.tgz
- โ lodash.defaultsdeep-4.6.0.tgz (Vulnerable Library)
lodash-es-4.17.4.tgz
Lodash exported as ES modules.
Library home page: https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.4.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash-es/package.json
Dependency Hierarchy:
- ember-cli-mirage-0.4.1.tgz (Root Library)
- ember-lodash-4.18.0.tgz
- โ lodash-es-4.17.4.tgz (Vulnerable Library)
lodash.template-3.6.2.tgz
The modern build of lodashโs `_.template` as a module.
Library home page: https://registry.npmjs.org/lodash.template/-/lodash.template-3.6.2.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash.template/package.json
Dependency Hierarchy:
- ember-fetch-3.4.3.tgz (Root Library)
- broccoli-templater-1.0.0.tgz
- โ lodash.template-3.6.2.tgz (Vulnerable Library)
lodash-4.17.4.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash/package.json
Dependency Hierarchy:
- ember-cli-sass-6.0.0.tgz (Root Library)
- broccoli-sass-source-maps-2.0.0.tgz
- node-sass-4.5.3.tgz
- sass-graph-2.2.4.tgz
- โ lodash-4.17.4.tgz (Vulnerable Library)
lodash.template-4.4.0.tgz
The lodash method `_.template` exported as a module.
Library home page: https://registry.npmjs.org/lodash.template/-/lodash.template-4.4.0.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/node_modules/lodash.template/package.json
Dependency Hierarchy:
- ember-cli-2.14.0.tgz (Root Library)
- โ lodash.template-4.4.0.tgz (Vulnerable Library)
Found in HEAD commit: 9060713df80212ee5546b36d1083fb607520eb0b
Found in base branch: master
Suggested Fix
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-26
Fix Resolution (lodash): 4.17.12
Direct dependency fix Resolution (ember-cli-favicon): 2.2.0
Fix Resolution (lodash.mergewith): 4.17.12
Direct dependency fix Resolution (ember-cli-sass): 6.1.0
Fix Resolution (lodash.merge): 4.17.12
Direct dependency fix Resolution (ember-cli-uglify): 2.0.0
Fix Resolution (lodash): 4.17.12
Direct dependency fix Resolution (ember-cli-favicon): 2.2.0
Fix Resolution (lodash.defaultsdeep): 4.17.12
Direct dependency fix Resolution (ember-cli-eslint): 4.2.0
Fix Resolution (lodash-es): 4.17.12
Direct dependency fix Resolution (ember-cli-mirage): 0.4.2
Fix Resolution (lodash.template): 4.17.12
Direct dependency fix Resolution (ember-fetch): 3.4.4
Fix Resolution (lodash): 4.17.12
Direct dependency fix Resolution (ember-cli-sass): 6.1.3
Fix Resolution (lodash.template): 4.17.12
Direct dependency fix Resolution (ember-cli): 2.14.1