JS: bump vulnerable lodash version for prototype pollution

See https://github.com/lodash/lodash/pull/4336
2026-04-28 02:05:14 +02:00 · 2019-07-03 08:18:16 +02:00
parent 01ce34449d
commit ecf367fa65
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/PrototypePollution.qll
@@ -162,7 +162,7 @@ module PrototypePollution {
      version.maybeBefore("4.0.1")
      or
      id = "lodash" + any(string s) and
-      version.maybeBefore("4.17.11")
+      version.maybeBefore("4.17.12")
      or
      id = "merge" and
      version.maybeBefore("1.2.1")