5.3

CVE-2020-28500

Exploit

Regular Expression Denial of Service (ReDoS)

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LodashLodash SwPlatformnode.js Version < 4.17.21
OracleJd Edwards Enterpriseone Tools Version < 9.2.6.1
OraclePrimavera Gateway Version >= 17.12.0 <= 17.12.11
OraclePrimavera Gateway Version >= 18.8.0 <= 18.8.12
OraclePrimavera Gateway Version >= 19.12.0 <= 19.12.11
OraclePrimavera Gateway Version >= 20.12.0 <= 20.12.7
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version18.8
OraclePrimavera Unifier Version19.12
OraclePrimavera Unifier Version20.12
SiemensSinec Ins Version < 1.0
SiemensSinec Ins Version1.0 Update-
SiemensSinec Ins Version1.0 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.34% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory
Not Applicable
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Patch
Third Party Advisory
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
Broken Link
https://github.com/lodash/lodash/pull/5065
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210312-0006/
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
Third Party Advisory
Exploit