28 matches found
ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root
Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...
Prototype Pollution loadash.pick Dependency Vulnerability in Jira Software Data Center and Server
This High severity Prototype Pollution vulnerability known as CVE-2020-8203 was introduced in 10.3.0 of Jira Software Data Center and Server. This vulnerability with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H allows an unauthenticated attacker to take...
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties
Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...
Security Bulletin: Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center [CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2021-23337 and CVE-2018-16487]
Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-9281 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203
Description Lodash 4.17.15 in use which is vulnerable to CVE-2020-8203 Proof of Concept 1 Go to https://localhost/Cockpit/modules/App/assets/vendor/lodash.js?ver=2.3.9-1676855050 and note that lodash version is 4.17.15 2 Go to https://localhost/Cockpit/ 3 Open Web Devloper tools Ctrl+Shift+I usin...
Security Bulletin: CVE-2020-8203
Summary Prototype pollution attack when using .zipObjectDeep in lodash before 4.17.20. Vulnerability Details CVEID: CVE-2020-8203 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability usi...
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
Summary lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. Vulnerability Details CVEID: CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By...
Oracle Primavera Gateway (Jul 2021 CPU)
The 17.12.11, 18.8.11, 19.12.10, and 20.12.0 versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin...
RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5179 advisory. The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version: engine-db-que...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.1 image security update
An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)
Summary Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js CVE-2020-8203 Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183560 fo...
Moderate: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update
An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh security update
An update is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...
CVE-2020-8203
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability...
@braneframe/plugin-github (>=0.1.53-main.0b45885 <=0.6.7-staging.e9eb1ed), @dxos/plugin-github (>=0.6.8 <=0.7.4-staging.f7e8224) +26 more potentially affected by CVE-2020-8203 via lodash.update (=4.10.2)
lodash.update NPM version =4.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.update and may be impacted: - @braneframe/plugin-github =0.1.53-main.0b45885, =0.6.8, =0.2.19, =0.0.1, =5.5.0, =22.1.0, =5.2.0, =4.0.0, =1.0.0, =1.12.0, =1.0.0,...
0-dd-trace-init-first-production (>=1.0.0 <=1.0.1), 0.extends.wechat (>=1.0.51 <=1.0.65) +14394 more potentially affected by CVE-2020-8203 via lodash.pick (>=4.0.1 <=4.4.0)
lodash.pick NPM version =4.0.1, =1.0.0, =1.0.51, =1.0.3, =1.0.0, =1.0.0, =4.11.0, =1.0.0, =1.0.1-6.1, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2020-8203 Source advisory: OSV:GHSA-P6MC-M468-83GW...
@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +709 more potentially affected by CVE-2020-8203 via lodash-es (>=4.0.0 <=4.17.2)
lodash-es NPM version =4.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.3.14, =0.4.63, =0.1.1, =0.5.23 and more Source cves: CVE-2020-8203 Source advisory: OSV:GHSA-P6MC-M468-83GW...
0-logger (>=1.1.0 <=1.1.1), 0xsodium (>=0.2.0 <=0.14.0) +9313 more potentially affected by CVE-2020-8203 via lodash.set (>=3.7.4 <=4.3.2)
lodash.set NPM version =3.7.4, =1.1.0, =0.2.0, =2.0.0, =1.1.0, =1.0.0, =1.0.1, =4.11.0, =4.11.46 - 88slot-ap =1.0.0 and more Source cves: CVE-2020-8203 Source advisory: OSV:GHSA-P6MC-M468-83GW...
10by10-react-app (=1.2.1), 1k-utils (>=1.0.0 <=1.0.1) +14517 more potentially affected by CVE-2020-8203 via lodash (>=3.7.0 <=4.17.18)
lodash NPM version =3.7.0, =1.0.0, =0.0.2, =0.1.1, =3.0.2, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =1.0.23, =4.11.0, =0.0.1, =0.2.1, =0.3.44 and more Source cves: CVE-2020-8203 Source advisory: OSV:GHSA-P6MC-M468-83GW...