CVE-2021-23337 lodash versions prior to 4.17.21 are vulnerable to

Command Injection via the template function.
OpenIdentityPlatform · May 12, 2021 · 8035feb · 8035feb
1 parent 85d76cc
commit 8035feb
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/openig-ui/package.json b/openig-ui/package.json
@@ -22,7 +22,7 @@
     "grunt-serve": "0.1.6",
     "grunt-sync": "0.8.1",
     "less-plugin-clean-css": "1.5.1",
-    "lodash": "4.17.19",
+    "lodash": ">=4.17.21",
     "requirejs": "2.3.2"
   },
   "dependencies": {
@@ -34,6 +34,7 @@
     "fresh": ">=0.5.2",
     "send": ">=0.11.1",
     "dot": ">=1.1.3",
-	"grunt": ">=1.3.0"
+    "lodash": ">=4.17.21",
+    "grunt": ">=1.3.0"
   }
 }