Lucene search
K

6 matches found

Snyk
Snyk
added 2026/03/31 11:2 p.m.12 views

Arbitrary Code Injection

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting...

9.8CVSS6.2AI score0.2241EPSS
Exploits3References2
Snyk
Snyk
added 2020/11/17 1:2 p.m.4 views

Code Injection

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Code Injection due the improper validation of options.variable key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious...

7.2CVSS7.2AI score0.2241EPSS
Exploits3References2
Snyk
Snyk
added 2020/04/27 10:14 p.m.3 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The function zipObjectDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects. PoC js...

8.2CVSS7.7AI score0.05213EPSS
Exploits1References3
Snyk
Snyk
added 2019/06/19 11:45 a.m.4 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. PoC by Snyk const mergeFn =...

9.1CVSS8.3AI score0.05006EPSS
Exploits2References3
Snyk
Snyk
added 2018/08/31 6:21 p.m.4 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to...

7.3CVSS6.9AI score0.02413EPSS
Exploits3References6
Snyk
Snyk
added 2018/01/30 10:28 p.m.4 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allow modification of the Object prototype. If an attacker can control part of the structure passed to this function, they could add or...

6.5CVSS7.1AI score0.02413EPSS
Exploits2References6
Rows per page
Query Builder