CX: Cxe578f4ea-ca81 in Unknown-lodash and 2.4.2 @ nodegoat_cxflow.master

Description

Versions of constantinople prior to 3.1.1 are vulnerable to a sandbox bypass which can lead to arbitrary code execution.

HIGH Vulnerable Package issue exists @ lodash in branch master

Vulnerability ID: Cxe578f4ea-ca81

Package Name: lodash

Severity: HIGH

CVSS Score: 8.3

Publish Date: 2019-07-25T21:00:00

Current Package Version: 2.4.2

Remediation Upgrade Recommendation: 4.17.20

Link To SCA