[BSERV-12795] Update lodash to 4.17.20+ due to security vulnerability - CVE-2020-8203 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 7.9.0, 7.6.5, 6.10.10
Affects Version/s: 6.10.4
Component/s: Security - Other
Labels:
None

Fixed in Long Term Support Release/s:

Download 6.10
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

lodash is vulnerable to prototype pollution attack. The vulnerability exists due to the ability to inject properties on Object.prototype using the function `zipObjectDeep`, leading to DoS, and possibly other forms of attacks.

More details here: https://snyk.io/vuln/SNYK-JS-LODASH-590103

Steps to Reproduce

N/A

Expected Results

N/A

Actual Results

N/A

Workaround

N/A

Form Name

Assignee:: Unassigned

Reporter:: Aditya Karia

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 23/Mar/2021 12:15 AM

Updated:: 28/Mar/2021 11:44 PM

Resolved:: 23/Mar/2021 12:16 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Forms

Activity

[BSERV-12795] Update lodash to 4.17.20+ due to security vulnerability - CVE-2020-8203

People

Dates

Backbone Issue Sync