Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Medium severity vuln found in lodash@4.17.20, introduced via swagger-ui-react@4.0.0-beta.4 #7473

Closed
Tracked by #7341
alexec opened this issue Aug 25, 2021 · 3 comments
Closed
Tracked by #7341

Medium severity vuln found in lodash@4.17.20, introduced via swagger-ui-react@4.0.0-beta.4 #7473

alexec opened this issue Aug 25, 2021 · 3 comments
Assignees
@char0n
Labels
cat: security dependencies Pull requests that update a dependency file version: 4.x

Comments

@alexec
Copy link

alexec commented Aug 25, 2021 

? ✗ Medium severity vuln found in lodash@4.17.20, introduced via swagger-ui-react@4.0.0-beta.4
    Description: Regular Expression Denial of Service (ReDoS)
    Info: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
    From: swagger-ui-react@4.0.0-beta.4 > swagger-client@3.16.0 > lodash@4.17.20

Should be fixable by update lodash.
@alexec alexec closed this as completed Aug 25, 2021
@alexec alexec reopened this Aug 25, 2021
@char0n char0n mentioned this issue Aug 27, 2021
Closed
23 tasks
@char0n
Copy link
Member

char0n commented Aug 27, 2021

Thanks!

Incorporated into #7341 todo list.

@char0n char0n self-assigned this Aug 27, 2021
@char0n char0n added cat: security dependencies Pull requests that update a dependency file version: 4.x labels Aug 27, 2021
char0n added a commit to swagger-api/swagger-js that referenced this issue Sep 10, 2021
@char0n
fix(security): depend on min version of lodash >= 4.17.21
0283fee 
This fixes security vulnerability in older version of lodash.

Vuln URL: https://snyk.io/vuln/SNYK-JS-LODASH-1018905

Refs swagger-api/swagger-ui#7473
@char0n char0n mentioned this issue Sep 10, 2021
Merged
10 tasks
char0n added a commit to swagger-api/swagger-js that referenced this issue Sep 10, 2021
@char0n
fix(security): depend on min version of lodash >= 4.17.21
374ef79 
This fixes security vulnerability in older version of lodash.

Vuln URL: https://snyk.io/vuln/SNYK-JS-LODASH-1018905

Refs swagger-api/swagger-ui#7473
@char0n
Copy link
Member

char0n commented Sep 10, 2021

swagger-client@3.16.1 has been released which now installed minimum version of lodash >= 4.17.21

char0n added a commit that referenced this issue Sep 10, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
a4c08e3 
Refs #7473
@char0n char0n mentioned this issue Sep 10, 2021
Closed
17 tasks
char0n added a commit that referenced this issue Sep 10, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
b671fa4 
Refs #7473
@char0n char0n mentioned this issue Sep 10, 2021
Merged
17 tasks
char0n added a commit that referenced this issue Sep 10, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
5029b81 
Refs #7473
char0n added a commit that referenced this issue Sep 10, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
b47174f 
Refs #7473
@char0n
Copy link
Member

char0n commented Sep 10, 2021

Released in https://github.com/swagger-api/swagger-ui/releases/tag/v4.0.0-rc.0

@char0n char0n closed this as completed Sep 10, 2021
char0n added a commit that referenced this issue Sep 13, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
fc5c1ed 
Refs #7473
char0n added a commit that referenced this issue Sep 13, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
92c92e3 
Refs #7473
char0n added a commit that referenced this issue Sep 15, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
e184b34 
Refs #7473
char0n added a commit that referenced this issue Sep 20, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
488b45d 
Refs #7473
char0n added a commit that referenced this issue Oct 8, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
720f271 
Refs #7473
char0n added a commit that referenced this issue Oct 12, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
57af624 
Refs #7473
char0n added a commit that referenced this issue Oct 22, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
bfb7c07 
Refs #7473
char0n added a commit that referenced this issue Nov 2, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
e821c09 
Refs #7473
char0n added a commit that referenced this issue Nov 3, 2021
@char0n
fix(security): bump swagger-client to v3.16.1
5f35b94 
Refs #7473
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@char0n char0n

Labels
cat: security dependencies Pull requests that update a dependency file version: 4.x
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@char0n @alexec