Vulnerabilities / Underscore.js library with known vulnerabilities
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
↓
Severity
Low
CWE Name
Underscore.js library with known vulnerabilities
CWE ID
CWE-1035
CVSS Score
4.8
Compliance
OWASP TOP10 -> A5, A6
PCI-DSS -> 6.2
ISO27001 -> A.8.9
PCI-DSS -> 6.2
ISO27001 -> A.8.9
The application uses an outdated version of the Underscore.js library, which has known vulnerabilities.
How to fix
-
To fix this issue, you just need to update Underscore.js to the latest version available on their website.
Do not forget to update all the Underscore.js files you have on the server.