14 matches found
OESA-2026-1579 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...
AZL-79434 CVE-2026-27601 affecting package rsyslog 8.2204.1-4
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79404 CVE-2026-27601 affecting package python-sqlalchemy 1.4.32-2
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79401 CVE-2026-27601 affecting package python-sphinx 4.4.0-3
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601
CVE-2026-27601 affects Underscore.js prior to 1.13.8. The vulnerability arises when _.flatten or _.isEqual recursively processes deeply nested, untrusted input without a depth limit, enabling a Denial of Service via stack overflow under specific data structures (e.g., inputs created via JSON.pars...
CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
EUVD-2026-9341
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
GHSA-QPX9-HPMF-5GMW Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Impact In simple words, some programs that use .flatten or .isEqual could be made to crash. Someone who wants to do harm may be able to do this on purpose. This can only be done if the program has special properties. It only works in Underscore versions up to 1.13.7. A more detailed explanation...
Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Impact In simple words, some programs that use .flatten or .isEqual could be made to crash. Someone who wants to do harm may be able to do this on purpose. This can only be done if the program has special properties. It only works in Underscore versions up to 1.13.7. A more detailed explanation...
Uncontrolled Recursion
Overview org.webjars.npm:underscore is a JavaScript's functional programming helper library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the .flatten or .isEqual functions that are used without a depth limit. An attacker can cause the application to crash or...
PT-2026-22841
Name of the Vulnerable Software and Affected Versions Underscore.js versions prior to 1.13.8 Description Underscore.js, a JavaScript utility-belt library, contains an issue in the .flatten and .isEqual functions. These functions utilize recursion without a depth limit, potentially leading to a...