EUVD-2019-0610

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

lodash before 4.17.11 is vulnerable to denial of service via uncontrolled resource consumption.

Reporter	Title	Published	Views	Family All 34
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI	20 Dec 201908:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities	18 Jul 202306:14	–	ibm
IBM Security Bulletins	Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the lodash library	17 Apr 202613:08	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability affects IBM Cloud Private - lodash (CVE-2019-1010266)	18 Feb 202021:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform	26 Jan 202317:01	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash might affect IBM Storage Defender Copy Data Management.	5 May 202618:22	–	ibm
IBM Security Bulletins	Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	18 Oct 202213:51	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)	27 Jun 202203:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.15.0 shipped with IBM Cloud Pak for Business Automation iFixes for December 2025.	7 Jan 202612:30	–	ibm
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.	3 Nov 202522:14	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "000b50c0-272e-3d7c-bd7f-492fe61872c4",
        "vendor": {
          "name": "lodash"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "7d09bb88-e6ee-3701-8703-ebe8d93dc727",
        "product": {
          "name": "lodash"
        },
        "product_version": "<4.17.11 [fixed: 4.7.11]"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-1010266
github	www.github.com/lodash/lodash/issues/3359
github	www.github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
github	www.github.com/lodash/lodash/wiki/Changelog
security	www.security.netapp.com/advisory/ntap-20190919-0004
snyk	www.snyk.io/vuln/SNYK-JS-LODASH-73639
access	www.access.redhat.com/errata/RHSA-2021:3917
security	www.security.netapp.com/advisory/ntap-20190919-0004/
github	www.github.com/github/advisory-database/pull/6138
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-1010266.yml

07 Oct 2025 00:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

CVSS 24

EPSS0.00207

cwe-400 denial of service date handler vulnerability 4.17.11 attack vector