WS-2018-0210 Low Severity Vulnerability detected by WhiteSource

## WS-2018-0210 - Low Severity Vulnerability
<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/vulnerability_details.png' width=19 height=20> Vulnerable Libraries - lodash-4.17.10.tgz, lodash-4.17.5.tgz</summary>


<details><summary>lodash-4.17.10.tgz</summary>

Lodash modular utilities.
path: /tmp/git/bit/node_modules/eslint-plugin-import/node_modules/lodash/package.json


Library home page: <a href=https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz>https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz</a>

Dependency Hierarchy:
 - eslint-plugin-flowtype-2.47.1.tgz (Root Library)
 - :x: **lodash-4.17.10.tgz** (Vulnerable Library)
</details>
<details><summary>lodash-4.17.5.tgz</summary>

Lodash modular utilities.
path: /tmp/git/bit/node_modules/babel-types/node_modules/lodash/package.json


Library home page: <a href=https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz>https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz</a>

Dependency Hierarchy:
 - babel-plugin-transform-builtin-extend-1.1.2.tgz (Root Library)
 - babel-template-6.26.0.tgz
 - babel-traverse-6.26.0.tgz
 - :x: **lodash-4.17.5.tgz** (Vulnerable Library)
</details>

Found in HEAD commit: <a href="https://github.com/habushaws/bit/commit/f7a7c8995c9334f26fb0a7b36b15a2c09421aa02">f7a7c8995c9334f26fb0a7b36b15a2c09421aa02</a>

</details>

<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/low_vul.png' width=19 height=20> Vulnerability Details</summary>
 
 
In the node_module "lodash" before version 4.17.11 the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects.

Publish Date: 2018-11-25
URL: <a href=https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad>WS-2018-0210</a>

</details>

<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/cvss3.png' width=19 height=20> CVSS 2 Score Details (3.5)</summary>


Base Score Metrics not available


</details>

<details><summary><img src='https://www.whitesourcesoftware.com/wp-content/uploads/2018/10/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Change files
Origin: <a href="https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad">https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad</a>
Release Date: 2018-08-31
Fix Resolution: Replace or update the following files: lodash.js, test.js


</details>


***
Step up your Open Source Security Game with WhiteSource [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #2

WS-2018-0210 - Low Severity Vulnerability

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #2

Description

WS-2018-0210 - Low Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions