Posted to issues@cordova.apache.org by GitBox <gi...@apache.org> on 2021/04/14 14:16:50 UTC

[GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore <= 1.12.0 CVE-2021-23358

RichardMcSorley opened a new issue #163:
URL: https://github.com/apache/cordova-common/issues/163


   A security vulnerability was detected for underscore <= 1.12.0 according to my code scanner. 
   
   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
   
   My applications do not use underscore, and it seems this only came up as a potential risk because I'm using this library via cordova.
   
   Any suggestions are appreciated, Thanks!
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


[GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore <= 1.12.0 CVE-2021-23358

Posted by GitBox <gi...@apache.org>.
RichardMcSorley commented on issue #163:
URL: https://github.com/apache/cordova-common/issues/163#issuecomment-819594074


   @breautek Thanks for the prompt reply. 
   
   Thought that was the case and had some trouble with my local npm but now all is as expected.
   
   For those affected by this, simply run:
   ```
   npm uninstall cordova-android
   npm install cordova-android
   ```




[GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore <= 1.12.0 CVE-2021-23358

Posted by GitBox <gi...@apache.org>.
RichardMcSorley edited a comment on issue #163:
URL: https://github.com/apache/cordova-common/issues/163#issuecomment-819594074


   @breautek Thanks for the prompt reply. 
   
   Thought that was the case and had some trouble with my local npm but now all is as expected.
   
   For those affected by this, simply run:
   ```
   npm uninstall cordova-android
   npm install cordova-android
   ```
   Run for cordova-ios if you are using that dependency also.




[GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore <= 1.12.0 CVE-2021-23358

Posted by GitBox <gi...@apache.org>.
breautek commented on issue #163:
URL: https://github.com/apache/cordova-common/issues/163#issuecomment-819564208


   ## Security issues should be reported via https://www.apache.org/security/
   
   This package declares a dependency on `"underscore": "^1.9.2"`
   
   This means the latest version of underscore 1.x will be installed when you install cordova. Because the patch landed in `1.13.0`, NPM will install this version for Cordova as it satisfies the declared version; therefore, Cordova is not affected by this vulnerability. You, however, may need to reinstall Cordova so that NPM will install the latest versions of each dependency and sub-dependency.



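The situation described in the comment above, as an added example that is not part of the original thread or of Cordova's code: the declared range `^1.9.2` admits both the affected `1.12.0` and the patched `1.13.0`, so an existing lockfile can keep the old copy installed until the dependency is reinstalled. The lockfile contents and helper names are constructed for illustration, and the caret check is a simplified stand-in for npm's semver logic.

```javascript
// Constructed sample: trimmed package-lock.json (lockfileVersion 2 layout).
// Package paths are illustrative, not taken from a real project.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/cordova-common": {
      dependencies: { underscore: "^1.9.2" }
    },
    "node_modules/underscore": { version: "1.12.0" },
    "node_modules/cordova-android/node_modules/underscore": { version: "1.13.0" }
  }
};

const FIXED = "1.13.0"; // first patched release, per the thread

const parse = (v) => v.split(".").map(Number);

// Compare two plain x.y.z versions: negative, zero or positive.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Simplified caret check for ranges with major >= 1 (no prerelease handling).
function satisfiesCaret(version, range) {
  const base = range.replace(/^\^/, "");
  return parse(version)[0] === parse(base)[0] && compare(version, base) >= 0;
}

// List every installed copy of underscore that is older than the fix.
function findStaleUnderscore(lock) {
  return Object.entries(lock.packages)
    .filter(([path]) => path.endsWith("node_modules/underscore"))
    .filter(([, pkg]) => compare(pkg.version, FIXED) < 0)
    .map(([path, pkg]) => ({ path, version: pkg.version }));
}

// Both the affected and the patched release satisfy the declared range.
console.log(satisfiesCaret("1.12.0", "^1.9.2"), satisfiesCaret("1.13.0", "^1.9.2"));
// Only the copy still pinned below the fix is reported.
console.log(findStaleUnderscore(sampleLock));
```
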

[GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore <= 1.12.0 CVE-2021-23358

Posted by GitBox <gi...@apache.org>.
breautek closed issue #163:
URL: https://github.com/apache/cordova-common/issues/163


   

