Dependency: grapesjs >=0.21.13 Depends on vulnerable versions of underscore
Question
GrapesJS version
- I confirm to use the latest version of GrapesJS
What browser are you using?
Edge, Mozilla
Reproducible demo link
NA
Describe the bug
    underscore  <=1.13.7
    Severity: high
    Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack - https://github.com/advisories/GHSA-qpx9-hpmf-5gmw
    fix available via `npm audit fix --force`
    Will install [email protected], which is a breaking change
    node_modules/underscore
      grapesjs  >=0.21.13
      Depends on vulnerable versions of underscore
      node_modules/grapesjs
Code of Conduct
- I agree to follow this project's Code of Conduct
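The audit output above is npm's view of one chain: the root project pulls in grapesjs, grapesjs declares a dependency on underscore, and the copy of underscore that npm actually installed falls inside the advisory's `<=1.13.7` range. What matters for triage is not the declared range but which copy each dependent resolves to, because npm's nearest-`node_modules` lookup can hand two packages different versions of the same library. The script below is an added example, not GrapesJS project code: it walks a `package-lock.json` (lockfileVersion 2 or 3), resolves each dependent's copy of a named package the way Node's module lookup does, and reports the ones inside a vulnerable range. The lockfile embedded in it is constructed for the example and does not reproduce GrapesJS's real dependency tree; the `legacy-widget` package and its nested underscore `1.14.0` are hypothetical, included only to show a dependent that resolves to a copy outside the reported range.

```javascript
"use strict";

// Added example, not GrapesJS project code. Walks a package-lock.json (lockfileVersion 2 or 3)
// and reports every package whose resolved copy of a dependency falls inside a vulnerable
// range, reproducing the "X depends on vulnerable versions of Y" chain that `npm audit` prints.

// Constructed lockfile for this example: it mimics the shape of the audit output above
// (grapesjs -> underscore) but does not reproduce GrapesJS's real dependency tree or ranges.
// "legacy-widget" and its nested underscore 1.14.0 are hypothetical, added to show that
// npm's nearest-node_modules resolution can give two dependents different copies.
const SAMPLE_LOCK = {
  name: "my-editor-app",
  lockfileVersion: 3,
  packages: {
    "": { version: "1.0.0", dependencies: { grapesjs: ">=0.21.13", "legacy-widget": "^2.0.0" } },
    "node_modules/grapesjs": { version: "0.21.13", dependencies: { underscore: "^1.13.7", backbone: "^1.6.0" } },
    "node_modules/backbone": { version: "1.6.0", dependencies: { underscore: ">=1.8.3" } },
    "node_modules/underscore": { version: "1.13.7" },
    "node_modules/legacy-widget": { version: "2.0.0", dependencies: { underscore: "^1.14.0" } },
    "node_modules/legacy-widget/node_modules/underscore": { version: "1.14.0" },
  },
};

// Parse "1.13.7" into [1, 13, 7]; a pre-release suffix is ignored for this simple check.
function parseVersion(v) {
  return v.split("-")[0].split(".").map((n) => parseInt(n, 10) || 0);
}

// true when version a <= version b, compared component-wise as numbers.
function versionLte(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return true;
}

// Vulnerable range quoted by the advisory in the audit output above: underscore <=1.13.7.
const isVulnerableUnderscore = (version) => versionLte(version, "1.13.7");

// npm/Node resolution: from the package at `fromPath`, require("name") finds the nearest
// enclosing node_modules/<name>, walking upward until the root entry "" is reached.
function resolveDependency(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

function packageNameFromPath(lock, path) {
  if (path === "") return lock.name || "(root)";
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Report every package that declares `depName` and resolves it to a version accepted by
// `isVulnerable`. Each finding keeps the dependent's lockfile path and the resolved copy.
function findVulnerableDependents(lock, depName, isVulnerable) {
  if (!lock.packages) throw new Error("lockfileVersion 2 or 3 with a 'packages' map is required");
  const packages = lock.packages;
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    const deps = { ...(entry.dependencies || {}), ...(entry.optionalDependencies || {}) };
    if (!(depName in deps)) continue;
    const resolvedPath = resolveDependency(packages, path, depName);
    if (!resolvedPath) continue; // declared but not installed (e.g. unmet optional dependency)
    const version = packages[resolvedPath].version;
    if (isVulnerable(version)) {
      findings.push({
        dependent: packageNameFromPath(lock, path),
        dependentPath: path,
        range: deps[depName],
        resolvedPath,
        version,
      });
    }
  }
  return findings;
}

// Stand-alone use: `node check-lock.js [path/to/package-lock.json]`; without an argument the
// constructed sample lockfile is scanned.
if (typeof require !== "undefined" && typeof process !== "undefined" && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"))
    : SAMPLE_LOCK;
  for (const f of findVulnerableDependents(lock, "underscore", isVulnerableUnderscore)) {
    console.log(`${f.dependent} (${f.dependentPath || "."}) requires underscore ${f.range}` +
      ` -> ${f.resolvedPath} ${f.version} [vulnerable]`);
  }
}
```

On the sample tree both grapesjs and backbone resolve to the single root copy of underscore 1.13.7 and are reported, while the hypothetical `legacy-widget` resolves to its own nested 1.14.0 and is not. After a bump like the one the maintainer merged, re-running the check against the regenerated lockfile confirms that the dependent now resolves to a copy outside the range, which is the check to make rather than trusting the declared `^` range alone.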
Answers (1)
Thanks for the report @tiburciomzt
The bump was merged and will soon be released.