Description
Command Injection
Vulnerable module: lodash
Introduced through: swagger-tools@0.10.4
Exploit maturity: Proof of concept
Detailed paths
Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › lodash@4.17.20
Remediation: No remediation path available.
Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › async@2.6.3 › lodash@4.17.20
Remediation: No remediation path available.
Introduced through: openfec@1.0.0 › swagger-tools@0.10.4 › json-refs@3.0.15 › lodash@4.17.20
Remediation: No remediation path available but possible PR in progress: lodash/lodash#5085
Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.
Affected versions of this package are vulnerable to Command Injection via template.
Completion criteria:
- Determine whether this is necessary work and make recommendations as necessary to address