Lucene search

K
cveHackeroneCVE-2020-8203
HistoryJul 15, 2020 - 5:15 p.m.

CVE-2020-8203

2020-07-1517:15:11
CWE-770
CWE-1321
hackerone
web.nvd.nist.gov
233
4
cve-2020-8203
prototype pollution
_.zipobjectdeep
lodash
security vulnerability
nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.017

Percentile

87.7%

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Affected configurations

Nvd
Node
lodashlodashRange<4.17.20node.js
Node
oraclebanking_corporate_lending_process_managementMatch14.2.0
OR
oraclebanking_corporate_lending_process_managementMatch14.3.0
OR
oraclebanking_corporate_lending_process_managementMatch14.5.0
OR
oraclebanking_credit_facilities_process_managementMatch14.2.0
OR
oraclebanking_credit_facilities_process_managementMatch14.3.0
OR
oraclebanking_credit_facilities_process_managementMatch14.5.0
OR
oraclebanking_extensibility_workbenchMatch14.2.0
OR
oraclebanking_extensibility_workbenchMatch14.3.0
OR
oraclebanking_extensibility_workbenchMatch14.5.0
OR
oraclebanking_liquidity_managementMatch14.2.0
OR
oraclebanking_liquidity_managementMatch14.3.0
OR
oraclebanking_liquidity_managementMatch14.5.0
OR
oraclebanking_supply_chain_financeMatch14.2.0
OR
oraclebanking_supply_chain_financeMatch14.3.0
OR
oraclebanking_supply_chain_financeMatch14.5.0
OR
oraclebanking_trade_finance_process_managementMatch14.2.0
OR
oraclebanking_trade_finance_process_managementMatch14.3.0
OR
oraclebanking_trade_finance_process_managementMatch14.5.0
OR
oraclebanking_virtual_account_managementMatch14.2.0
OR
oraclebanking_virtual_account_managementMatch14.3.0
OR
oraclebanking_virtual_account_managementMatch14.5.0
OR
oracleblockchain_platformRange<21.1.2
OR
oraclecommunications_billing_and_revenue_managementMatch7.5.0.23.0
OR
oraclecommunications_billing_and_revenue_managementMatch12.0.0.3.0
OR
oraclecommunications_cloud_native_core_policyMatch1.11.0
OR
oraclecommunications_session_border_controllerMatch8.4
OR
oraclecommunications_session_border_controllerMatch9.0
OR
oraclecommunications_session_border_controllerMatchcz8.4
OR
oraclecommunications_session_routerMatchcz8.4
OR
oraclecommunications_subscriber-aware_load_balancerMatchcz8.3
OR
oraclecommunications_subscriber-aware_load_balancerMatchcz8.4
OR
oracleenterprise_communications_brokerMatch3.2.0
OR
oracleenterprise_communications_brokerMatch3.3.0
OR
oracleenterprise_communications_brokerMatchpcz3.3
OR
oraclejd_edwards_enterpriseone_toolsRange9.2.6.0
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.58
OR
oraclepeoplesoft_enterprise_peopletoolsMatch8.59
OR
oracleprimavera_gatewayRange17.12.017.12.11
OR
oracleprimavera_gatewayRange18.8.018.8.12
OR
oracleprimavera_gatewayRange19.12.019.12.11
OR
oracleprimavera_gatewayRange20.12.020.12.7
VendorProductVersionCPE
lodashlodash*cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*
oraclebanking_corporate_lending_process_management14.2.0cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
oraclebanking_corporate_lending_process_management14.3.0cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
oraclebanking_corporate_lending_process_management14.5.0cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
oraclebanking_credit_facilities_process_management14.2.0cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
oraclebanking_credit_facilities_process_management14.3.0cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
oraclebanking_credit_facilities_process_management14.5.0cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
oraclebanking_extensibility_workbench14.2.0cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
oraclebanking_extensibility_workbench14.3.0cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
oraclebanking_extensibility_workbench14.5.0cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 391

CNA Affected

[
  {
    "product": "lodash",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Not Fixed"
      }
    ]
  }
]

Social References

More

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.017

Percentile

87.7%