USN-8411-1 node-lodash vulnerabilities
It was discovered that Lodash was vulnerable to a prototype pollution issue in the zipObjectDeep function. An attacker could possibly use this issue to modify application behavior. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8203) Liyuan Chen discovered that Lodash was...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the lodash JavaScript library
Summary: Due to use of the lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service (DoS) vulnerability. Vulnerability Details: CVEID: CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havin...
Atlassian Jira Service Management Data Center and Server 10.3.x < 10.3.12 / 11.0.x < 11.1.0 (JSDSERVER-16479)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16479 advisory. - Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. (CVE-2020-8203) Note th...
lodash security vulnerabilities
lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash versions 4.17.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the _.unset and _.omit functions, which could allow attackers to delete global...
Linux Distros Unpatched Vulnerability : CVE-2020-8203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. (CVE-2020-8203) Note that Nessus relies on the presence of the package as reported ...
ROS-20240418-08
A vulnerability in the Browserify-sign cryptographic functionality duplication package is related to the upper bound check in the dsaVerify function. Exploitation of the vulnerability could allow an attacker, acting remotely, to create signatures that can be successfully verified by any public ke...
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
Summary: lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. Vulnerability Details: CVEID: CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By...
WordPress 5.4 to 5.8 - Lodash Library Update
Description: On September 9, 2021 WordPress version 5.8.1 was released fixing three vulnerabilities. The official blog post states: "The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes." The Lodash changelog states that a command injection...
WordPress core <= 5.8 - Command injection vulnerability in the Lodash library
Command injection vulnerability in the Lodash library in WordPress core versions <= 5.8. Version update list: 5.8 updated to 5.8.1, 5.7.2 updated to 5.7.3, 5.7.1 updated to 5.7.3, 5.7 updated to 5.7.3, 5.6.4 updated to 5.6.5, 5.6.3 updated to 5.6.5, 5.6.2 updated to 5.6.5, 5.6.1 updated to 5.6.5,...
The vulnerability of the toNumber, trim, and trimEnd functions in the lodash library for application software from Aurora Center involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the toNumber, trim, and trimEnd functions in the lodash library for application software from Aurora Center involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Lodash application library of Aurora Center lies in the failure to take measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.
The vulnerability of the Lodash application library in Aurora Software Solutions relates to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible...
The vulnerability of the _zipObjectDeep() method implementation in the Lodash library allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the zipObjectDeep method implementation in the Lodash library is related to the allocation of unlimited memory. Exploiting this vulnerability could allow an attacker to cause service failures or execute arbitrary code...
Regular Expression Denial of Service (ReDoS)
Overview: lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. POC: var lo = require('lodash'); function buildblank n var...
F5 Networks BIG-IP : Lodash library vulnerability (K47105354)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.2 / 13.1.3.4 / 13.1.3.5 / 14.1.2.5 / 14.1.2.7 / 15.0.1.4 / 15.1.0.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K47105354 advisory. - Versions of lodash lower than 4.17.12 a...
lodash input validation error vulnerability
lodash is an open source JavaScript utility library. An input validation error vulnerability exists in lodash version 0.0.1 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. No details of the vulnerability are provided at this time...
GHSA-X5RQ-J2XG-H7QM Regular Expression Denial of Service (ReDoS) in lodash
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library
Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library tha...
Prototype Pollution
Overview: Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. PoC by Snyk: const mergeFn = require('lodash').defaultsDeep; const payload = '"constructor...