You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .retireignore.json
+5Lines changed: 5 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,11 @@
4
4
"version": "1.12.4",
5
5
"justification": "CVE issues (CVE-2019-11358, CVE-2020-11023) have been mitigated with a patched version of jQuery (packages/@okta/courage-dist/esm/src/courage/vendor/lib/jquery-1.12.4.js)"
6
6
},
7
+
{
8
+
"component": "underscore.js",
9
+
"version": "1.13.1",
10
+
"justification": "CVE-2026-27601: _.flatten and _.isEqual DoS via unbounded recursion. Mitigated - the widget does not pass untrusted external input to these functions. Upstream fix requires rebuilding courage-dist with underscore 1.13.8."
0 commit comments