Command Injection on sub-dependency lodash.template via @oclif/plugin-help

Question

mrjackdavis opened this issue 2 years ago · comments

tldr; please update @oclif/plugin-help to 3.2.14 to fix a vulnerability in zapier-platform-cli

lodash.template package has a security vulnerability. See here https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054. The CVE rating is HIGH 7.2.

@oclif/plugin-help version should be updated. I believe 3.2.14 would suffice.

Please consider ^ syntax so that your dependents can update patch versions without updates required to the repo

Raúl Negrón · Answer 1 · Fri Feb 02 2024 21:20:30 GMT+0800 (China Standard Time)

Fixed in #739.