Security Alert: lodash.trimend vulnerability in botbuilder-dialogs #4579
Labels
bug
needs-triage
Description:
Recently, a security scan revealed a vulnerability related to the use of lodash.trimend v4.5.1 in the botbuilder-dialogs library. This poses a potential security risk, and we need to address this issue promptly.
Vulnerability Details:
The vulnerability is related to lodash.trimend v4.5.1, and it has been flagged in the security scan. More details about the specific vulnerability can be found
Regular Expression Denial of Service (ReDoS)
https://security.snyk.io/vuln/SNYK-JS-LODASH-1018905
lodash/lodash#5643
GHSA-29mw-wpgm-hmr9
Proposed Fix:
To fix this security vulnerability, it is recommended to upgrade lodash.trimend to a version that addresses the reported issue. Please consider updating the dependency to the latest version which resolves the security concern.
Affected Component:
Library: botbuilder-dialogs
Dependency: lodash.trimend v4.5.1
Labels:
security
botbuilder-dialogs
lodash.trimend
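To confirm where the flagged dependency sits in a project before and after an upgrade, the following added example (not code from this issue or from the botbuilder-js project) scans a parsed npm lockfile for installed copies of lodash.trimend and flags version 4.5.1, the version the report names. The sample lockfile, the project name `my-bot`, the placeholder versions and all function names are constructed for illustration.

```javascript
// Constructed sample in npm's lockfileVersion 3 layout; versions marked
// "0.0.0-placeholder" are stand-ins, not real release numbers.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-bot", dependencies: { "botbuilder-dialogs": "0.0.0-placeholder" } },
    "node_modules/botbuilder-dialogs": {
      version: "0.0.0-placeholder",
      dependencies: { "lodash.trimend": "4.5.1" }, // constructed range
    },
    "node_modules/lodash.trimend": { version: "4.5.1" },
    "node_modules/lodash": { version: "0.0.0-placeholder" }, // must not match
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> "".
function installedName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? "" : lockKey.slice(i + marker.length);
}

// Every installed copy of `name`, flagged when it is the reported version.
function findInstalled(lock, name, flaggedVersion) {
  const hits = [];
  const add = (path, version) => hits.push({ path, version, flagged: version === flaggedVersion });
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (installedName(key) === name) add(key, meta.version);
    }
    return hits;
  }
  const walk = (deps, prefix) => { // lockfileVersion 1: nested "dependencies" tree
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) add(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Packages in a v2/v3 lockfile whose manifest lists `name` as a dependency.
function declaredBy(lock, name) {
  return Object.entries(lock.packages || {})
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([key]) => installedName(key) || "(root project)");
}
```

To use it on a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` as `lock`.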