Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #15125 Bump lodash to 4.17.49
    Actions
    Infos
    #15125
    Thomas Gerbet (tgerbet)
    2020-07-17 09:59
    2020-07-16 18:26
    16387
    Details
    Bump lodash to 4.17.49
    A low level security issue has been identified: https://github.com/advisories/GHSA-p6mc-m468-83gw

    There is little to no risk in the context of Tuleap, to be exploitable is some ways it would require to zip objects with properties defined by users.
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-07-17
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #14817 Tuleap Releases 11.17 Delivered 2020-23-07 10:57 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #15125

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/50/19550/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 1c09973fad
    User avatar Joris MASSON (jmasson) , 2020-07-17 09:56
    request #15125: Bump lodash to 4.17.49 d97bbc93a4
    User avatar Thomas Gerbet (tgerbet) , 2020-07-16 19:47
    Referenced by request #15125

    Artifact Tracker v5

    rel #14817 11.17

    Other

    gerrit #19550
    Display settings

    Follow-ups