678 matches found
Lodash Template - Server-Side Template Injection (RCE)
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. id: CVE-2021-23337 info: name: Lodash Template - Server-Side Template Injection RCE author: DhiyaneshDk severity: high description: | Lodash versions prior to 4.17.21 are vulnerable to Command Injectio...
ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root
Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2021-23337 CVE-2021-23337 in @rootio/lodash.template - Patched by Root
Root has patched CVE-2021-23337 in the @rootio/lodash.template package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-4800 CVE-2026-4800 in @rootio/lodash - Patched by Root
Root has patched CVE-2026-4800 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
CVE-2026-58191
Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /test/guinea-pig-scrollable, and /test/guinea-pig-app-banner routes, and compileLodashTemplate...
Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System
Summary Multiple Vulnerabilities have been addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable v...
Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6739 Malicious code in @lodash-en/lodash-en (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ccf4c6fcb3eb02a4b990660b8a47961f0cd393915787990149de40ee1b201a0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
lodash: lodash: Arbitrary code execution via untrusted input in template imports
A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
lodash: prototype pollution in _.unset and _.omit functions
A flaw was found in Lodash. A prototype pollution vulnerability in the .unset and .omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service...
Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes June 2026
Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structure...
Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...
Security Bulletin: Vulnerabilities in lodash, cryptography and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by lodash, cryptography and axios. Vulnerabilities include allowing an attacker to perform prototype pollution, create buffer overflows, improper validation of certificates and connect to internal services. More details are...
Security Bulletin: Multiple vulnerabilities affect IBM® Db2® Big SQL on IBM Software Hub.
Summary Multiple vulnerabilities have been addressed in IBM® Db2® Big SQL on IBM Software Hub. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465:...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...
Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Siemens RUGGEDCOM RST2428P Prototype Pollution (CVE-2025-13465)
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unsetand .omitfunctions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...