
18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0610

Malware in sbrugna...

CVSS 6.5 | AI score 6.1 | EPSS 0.00207
Exploits: 1 | References: 11
Tenable Nessus
added 2022/12/20 12:0 a.m. | 62 views

Lodash < 4.17.11 Prototype Pollution

According to its self-reported version number, Lodash is prior to 4.17.11. It is, therefore, affected by a prototype pollution vulnerability in the functions merge, mergeWith and defaultsDeep which could be tricked into adding or modifying properties of Object.prototype using a constructor payloa...

CVSS 6.8 | AI score 8.3 | EPSS 0.0051
Exploits: 2 | References: 2
OSV
added 2019/07/17 9:15 p.m. | 23 views

CVE-2019-1010266

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

CVSS 6.5 | AI score 6.4
Exploits: 0 | References: 4
OSV
added 2019/07/17 9:15 p.m. | 3 views

AZL-45159 CVE-2019-1010266 affecting package js-jquery 3.5.0-4

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

CVSS 6.5 | AI score 6.6 | EPSS 0.00207
Exploits: 1 | References: 1
Prion
added 2019/07/17 9:15 p.m. | 22 views

Denial of service

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

CVSS 4 | AI score 7.5 | EPSS 0.00207
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2019/07/17 9:15 p.m. | 2 views

UBUNTU-CVE-2019-1010266

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

CVSS 6.5 | AI score 6.7 | EPSS 0.00207
Exploits: 1 | References: 4
UbuntuCve
added 2019/07/17 9:15 p.m. | 24 views

CVE-2019-1010266

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

CVSS 6.5 | AI score 6.8 | EPSS 0.00207
Exploits: 1 | References: 3
Debian CVE
added 2019/07/17 8:25 p.m. | 26 views

CVE-2019-1010266

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...

CVSS 6.5 | AI score 6 | EPSS 0.00207
Exploits: 1
CVE
added 2019/07/17 8:25 p.m. | 145 views

CVE-2019-1010266

CVE-2019-1010266 is a lodash vulnerability affecting versions before 4.17.11, caused by Uncontrolled Resource Consumption (ReDoS) in the Date handling code. The attack relies on the library matching very long strings with a regular expression, leading to a Denial of Service. The fix is to upgrade...

CVSS 6.5 | AI score 6.4 | EPSS 0.00207
Exploits: 1 | References: 4 | Affected Software: 1
vulnersOsv
added 2019/06/19 11:45 a.m. | 1 view

10by10-react-app (=1.2.1), 1k-utils (>=1.0.0 <=1.0.1) +8628 more potentially affected by CVE-2019-10744 via lodash (>=4.0.0 <=4.17.11)

lodash NPM version =4.0.0, =1.0.0, =0.0.2, =0.1.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =0.0.1, =0.2.1, =0.0.2, =0.0.7, =0.4.20, =1.0.7, =1.13.10 and more Source cves: CVE-2019-10744 Source advisory: SNYK:JS-LODASH-450202...

CVSS 9.1 | AI score 7 | EPSS 0.14845
Exploits: 2
OSV
added 2019/02/07 6:16 p.m. | 1 view

GHSA-4XC9-XHRJ-V574 Prototype Pollution in lodash

Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing propert...

CVSS 6.8 | AI score 7.1 | EPSS 0.0051
Exploits: 2 | References: 5
RubySec
added 2019/02/07 12:0 a.m. | 4 views

Prototype Pollution in lodash

Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing propert...

CVSS 6.8 | AI score 7 | EPSS 0.0051
Exploits: 2 | References: 1 | Affected Software: 1
Tenable Nessus
added 2019/01/03 12:0 a.m. | 28 views

Fedora 28 : kernel / kernel-headers (2018-cc812838fb)

The 4.17.11 stable update contains a number of important fixes across the tree. Also of note, starting with this release, kernel-headers is built from a different srpm. The contents should be the same, but there were some benefits to breaking it from the kernel build. ---- The 4.17.10 stable kern...

CVSS 7.8 | AI score 6.6 | EPSS 0.00081
Exploits: 0 | References: 2
Positive Technologies
added 2018/10/30 12:0 a.m. | 1 view

PT-2018-3812

Name of the Vulnerable Software and Affected Versions: lodash versions prior to 4.17.11. Description: A prototype pollution issue was discovered in the merge, mergeWith, and defaultsDeep functions of the lodash library. This issue can be exploited to add or modify properties of Object.prototype. The...

CVSS 6.8 | AI score 6.4 | EPSS 0.0051
Exploits: 2 | References: 20
Kitploit
added 2018/09/12 8:35 p.m. | 79 views

Parrot Security 4.2.2 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Updated kernel and core packages Parrot 4.2 is powered by the latest Linux 4.18 debianized kernel with all the usual wireless patches. A new version of the Debian-Installer now powers our netinstall images and the standard Parrot images. Firmware packages were updated to add broader hardware...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2018/08/06 12:0 a.m. | 51 views

Fedora 27 : kernel / kernel-headers (2018-49bda79bd5)

The 4.17.11 stable update contains a number of important fixes across the tree. Also of note, starting with this release, kernel-headers is built from a different srpm. The contents should be the same, but there were some benefits to breaking it from the kernel build. ---- The 4.17.10 stable kern...

CVSS 7.8 | AI score 6.6 | EPSS 0.00081
Exploits: 0 | References: 2
Fedora
added 2018/08/03 8:51 p.m. | 55 views

[SECURITY] Fedora 28 Update: kernel-4.17.11-200.fc28

The kernel meta package...

CVSS 10 | AI score 2.4 | EPSS 0.46733
Exploits: 18
Fedora
added 2018/08/03 7:58 p.m. | 32 views

[SECURITY] Fedora 27 Update: kernel-4.17.11-100.fc27

The kernel meta package...

CVSS 10 | AI score 2.4 | EPSS 0.46733
Exploits: 41