Description
In Liferay Portal 7.1.3 and possibly earlier unsupported versions, the 'com.liferay.frontend.js.lodash.web' bundle includes Lodash 4.17.4 which has known vulnerabilities.
Severity
Severity 2
Fixed Version(s)
- March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Acknowledgments
This issue was reported by Arun
Publication date: Thu, 05 Mar 2020 07:35:00 +0000