{"type":"auditAdvisory","data":{"resolution":{"id":782,"path":"lodash","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.2.0","paths":["lodash"],"dev":false,"optional":false,"bundled":false}],"id":782,"created":"2019-02-13T16:16:53.770Z","updated":"2019-02-13T16:16:53.770Z","deleted":null,"title":"Prototype Pollution","found_by":{"link":"","name":"asgerf"},"reported_by":{"link":"","name":"asgerf"},"module_name":"lodash","cves":["CVE-2018-16487"],"vulnerable_versions":"<4.17.11","patched_versions":">=4.17.11","overview":"Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. \n\nThe vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.\n\n","recommendation":"Update to version 4.17.11 or later.","references":"- [HackerOne Report](https://hackerone.com/r
{
  "actions": [
    {
      "action": "install",
      "module": "lodash",
      "target": "4.17.11",
      "isMajor": true,
      "resolves": [
        {
          "id": 782,
Audit Request: {
  "name": "yarn-audit-bug",
  "version": "0.1.0",
  "install": [],
  "remove": [],
  "metadata": {},
  "requires": {
    "lodash": "1.2.0",
    "hoek": "2.16.3"
  },
#!/bin/bash
# Perform installation as root
# Install prereqs
yum -y install libcurl libcurl-devel rrdtool rrdtool-devel perl-devel libgcrypt-devel gcc make gcc-c++ yajl-devel
# Get Collectd, untar it, make it and install
wget http://collectd.org/files/collectd-5.4.1.tar.gz
tar zxvf collectd-5.4.1.tar.gz