Added vuln

[altearjen]

No description provided.

[semgrep-code-atearjen]

Semgrep found 1 ssc-a4fd0e64-ce76-449c-8e09-743db9edce4e finding:

• routes/index.js
  • L352-356

Risk: lodash 4.17.x before 4.17.12, lodash.defaultsdeep 4.6.x before 4.6.1, lodash.mergewith 4.6.x before 4.6.2, lodash.merge 4.6.x before 4.6.2, and lodash.template 4.5.x before 4.5.0 are vulnerable to improper input validation. Several lodash methods unsafely perform object merges, allowing user input to override object prototypes. Upgrade to lodash 4.17.12, lodash.defaultsdeep 4.6.1, lodash.mergewith 4.6.2, lodash.merge 4.6.2, or lodash.template 4.5.0.

Fix: Upgrade this library to at least version 4.17.12 at nodejs-goof/package-lock.json:16106.

Reference(s): GHSA-jf85-cpcp-j695, CVE-2019-10744

_{Ignore this finding from ssc-a4fd0e64-ce76-449c-8e09-743db9edce4e.}

Semgrep found 1 ssc-29317a8b-48ec-4715-9dc0-a658e559fa23 finding:

• routes/index.js
  • L352-356

Risk: Affected versions of lodash are vulnerable to Uncontrolled Resource Consumption. Vulnerable functions allow a malicious user to cause the addition or modification of an existing proprty that exists on all objects.

Fix: Upgrade this library to at least version 4.17.11 at nodejs-goof/package-lock.json:16106.

Reference(s): GHSA-4xc9-xhrj-v574, CVE-2018-16487

_{Ignore this finding from ssc-29317a8b-48ec-4715-9dc0-a658e559fa23.}