43 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under...
Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)
Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specif...
OESA-2026-1581 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...
OESA-2026-1580 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...
OESA-2026-1578 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...
DEBIAN-CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79434 CVE-2026-27601 affecting package rsyslog 8.2204.1-4
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79320 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-4
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79397 CVE-2026-27601 affecting package krb5 1.21.3-3
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79323 CVE-2026-27601 affecting package cyrus-sasl-bootstrap 2.1.28-4
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79340 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601
CVE-2026-27601 affects Underscore.js prior to 1.13.8. The vulnerability arises when _.flatten or _.isEqual recursively processes deeply nested, untrusted input without a depth limit, enabling a Denial of Service via stack overflow under specific data structures (e.g., inputs created via JSON.pars...
CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
Uncontrolled Recursion
Overview underscore is a JavaScript's functional programming helper library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the .flatten or .isEqual functions that are used without a depth limit. An attacker can cause the application to crash or become...
PT-2026-22841
Name of the Vulnerable Software and Affected Versions Underscore.js versions prior to 1.13.8 Description Underscore.js, a JavaScript utility-belt library, contains an issue in the .flatten and .isEqual functions. These functions utilize recursion without a depth limit, potentially leading to a...
EUVD-2022-52708
Malicious code in bioql PyPI...
PT-2024-39309 · WordPress · Elementor Addon Elements
Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data v...