CVE-2021-23337
- EPSS 0.86%
- Published 15.02.2021 13:15:12
- Last modified 21.11.2024 05:51:31
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-28500
- EPSS 0.2%
- Published 15.02.2021 11:15:12
- Last modified 21.11.2024 05:22:55
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2020-8203
- EPSS 2.44%
- Published 15.07.2020 17:15:11
- Last modified 21.11.2024 05:38:29
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2019-10744
- EPSS 3.41%
- Published 26.07.2019 00:15:11
- Last modified 21.11.2024 04:19:50
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-1010266
- EPSS 0.2%
- Published 17.07.2019 21:15:10
- Last modified 21.11.2024 04:18:06
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using...
CVE-2018-16487
- EPSS 0.41%
- Published 01.02.2019 18:29:00
- Last modified 21.11.2024 03:52:51
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
CVE-2018-3721
- EPSS 0.22%
- Published 07.06.2018 02:29:08
- Last modified 21.11.2024 04:05:56
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the...