grapesjs >=0.21.13 Depends on vulnerable versions of underscore #6722
tiburciomzt
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi this is a new recient vulnerability
underscore <=1.13.7
Severity: high
underscore <=1.13.7
Severity: high
Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack - GHSA-qpx9-hpmf-5gmw
fix available via
npm audit fix --forceWill install grapesjs@0.21.12, which is a breaking change
node_modules/underscore
grapesjs >=0.21.13
Depends on vulnerable versions of underscore
node_modules/grapesjs
I did the update to the latest version of grapejs but underscore still is not the correct version
Beta Was this translation helpful? Give feedback.
All reactions