[wp-trac] [WordPress Trac] #49732: lodash 4.17.15 The lodash package is vulnerable to Prototype Pollution.
WordPress Trac
noreply at wordpress.org
Wed Apr 1 14:58:34 UTC 2020
#49732: lodash 4.17.15 The lodash package is vulnerable to Prototype Pollution.
--------------------------------+----------------------
 Reporter:  tlterry             |       Owner:  (none)
     Type:  defect (bug)        |      Status:  closed
 Priority:  normal              |   Milestone:
Component:  External Libraries  |     Version:
 Severity:  normal              |  Resolution:  invalid
 Keywords:                      |     Focuses:
--------------------------------+----------------------
Changes (by SergeyBiryukov):
* status: new => closed
* resolution: => invalid
* severity: critical => normal
* milestone: Awaiting Review =>
Comment:
Hi there, welcome to WordPress Trac!
4.17.15 is the [https://www.npmjs.com/package/lodash current version of
lodash], so it doesn't look like there are any actionable items for
WordPress core here. When a new version is released, it will be updated as
part of #49707.
For any potential issues in WordPress core, as already noted in
comment:1:ticket:49735, please follow
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ Reporting Security Vulnerabilities].
Trac is not the correct place for these reports.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49732#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform