CVE-2020-28500

Exploit

EPSS 0.25%
Veröffentlicht 15.02.2021 11:15:12
Zuletzt bearbeitet 21.11.2024 05:22:55
Quelle report@snyk.io
CVE-Watchlists
Login
Unerledigt
Login

Regular Expression Denial of Service (ReDoS)

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 17

NVD 42 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lodash ≫ Lodash SwPlatformnode.js Version < 4.17.21

Oracle ≫ Banking Corporate Lending Process Management Version14.2.0

Oracle ≫ Banking Corporate Lending Process Management Version14.3.0

Oracle ≫ Banking Corporate Lending Process Management Version14.5.0

Oracle ≫ Banking Credit Facilities Process Management Version14.2.0

Oracle ≫ Banking Credit Facilities Process Management Version14.3.0

Oracle ≫ Banking Credit Facilities Process Management Version14.5.0

Oracle ≫ Banking Extensibility Workbench Version14.2.0

Oracle ≫ Banking Extensibility Workbench Version14.3.0

Oracle ≫ Banking Extensibility Workbench Version14.5.0

Oracle ≫ Banking Supply Chain Finance Version14.2.0

Oracle ≫ Banking Supply Chain Finance Version14.3.0

Oracle ≫ Banking Supply Chain Finance Version14.5.0

Oracle ≫ Banking Trade Finance Process Management Version14.2.0

Oracle ≫ Banking Trade Finance Process Management Version14.3.0

Oracle ≫ Banking Trade Finance Process Management Version14.5.0

Oracle ≫ Communications Cloud Native Core Policy Version1.11.0

Oracle ≫ Communications Design Studio Version7.4.2

Oracle ≫ Communications Services Gatekeeper Version7.0

Oracle ≫ Communications Session Border Controller Version8.4

Oracle ≫ Communications Session Border Controller Version9.0

Oracle ≫ Enterprise Communications Broker Version3.2.0

Oracle ≫ Enterprise Communications Broker Version3.3.0

Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.2.0

Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.3.0

Oracle ≫ Health Sciences Data Management Workbench Version2.5.2.1

Oracle ≫ Health Sciences Data Management Workbench Version3.0.0.0

Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.1

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11

Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.12

Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.11

Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Retail Customer Management And Segmentation Foundation Version19.0

Siemens ≫ Sinec Ins Version < 1.0

Siemens ≫ Sinec Ins Version1.0 Update-

Siemens ≫ Sinec Ins Version1.0 Updatesp1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.474

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Third Party Advisory

Not Applicable

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

Patch

Third Party Advisory

https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8

Broken Link

https://github.com/lodash/lodash/pull/5065

Patch

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210312-0006/

Third Party Advisory

https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893

Third Party Advisory

Exploit

https://snyk.io/vuln/SNYK-JS-LODASH-1018905

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-28500

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-28500

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-28500

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-28500