Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12795

Update lodash to 4.17.20+ due to security vulnerability - CVE-2020-8203

    XMLWordPrintable

    Details

      Description

      Issue Summary

      lodash is vulnerable to prototype pollution attack. The vulnerability exists due to the ability to inject properties on Object.prototype using the function `zipObjectDeep`, leading to DoS, and possibly other forms of attacks.

      More details here: https://snyk.io/vuln/SNYK-JS-LODASH-590103 

      Steps to Reproduce

      N/A

      Expected Results

      N/A

      Actual Results

      N/A

      Workaround

      N/A

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            akaria@atlassian.com Aditya Karia
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Backbone Issue Sync