Skip to content

Commit acad9f3

Browse files
dependabot[bot]dependabot[bot]
authored
CVE-2026-4800 CVE-2026-2950 lodash vulnerable to Code Injection via _.template imports key names lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit (#978)
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 8bbca3a commit acad9f3

File tree

4 files changed

+33
-11
lines changed

4 files changed

+33
-11
lines changed

openam-ui/openam-ui-api/package-lock.json

Lines changed: 6 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

openam-ui/openam-ui-api/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
"grunt": "^1.6.1",
1111
"grunt-cli": "1.4.3",
1212
"grunt-contrib-copy": "1.0.0",
13-
"lodash": "^4.17.23"
13+
"lodash": "^4.18.1"
1414
},
1515
"dependencies": {
1616
"swagger-ui-dist": ">=5.29.0"

openam-ui/openam-ui-ria/package-lock.json

Lines changed: 25 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

openam-ui/openam-ui-ria/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@
4444
"karma-nyan-reporter": "0.2.4",
4545
"karma-requirejs": "1.1.0",
4646
"less-plugin-clean-css": "1.5.1",
47-
"lodash": "4.17.23",
47+
"lodash": "4.18.1",
4848
"mocha": "7.2.0",
4949
"requirejs": "2.3.7",
5050
"rimraf": "2.5.4",

0 commit comments

Comments
 (0)