Lucene search

5 matches found

Positive Technologies
added 2024/08/16 12:0 a.m. · 2 views

PT-2024-40855 · Jq · Jq

Name of the Vulnerable Software and Affected Versions: jq (affected versions not specified). Description: The issue is related to a heap buffer overflow read, which occurs in the jq software. The crash state indicates that the functions jv_parse, f_tonumber, and jq_next are involved in the issue...

7.4 AI score
Exploits: 0 · References: 2
Github Security Blog
added 2022/01/06 8:30 p.m. · 208 views

Regular Expression Denial of Service (ReDoS) in lodash

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: var lo = require('lodash'); function buildblank(n) { var ret = "1"; for (var i = 0; i < n; i++) { r...

5.3 CVSS · 6.3 AI score · 0.00245 EPSS
Exploits: 1 · References: 20 · Affected Software: 5
RedHat Linux
added 2021/06/01 1:24 p.m. · 0 views

nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible...

5.3 CVSS · 6.8 AI score · 0.00245 EPSS
Exploits: 1 · References: 5
OSV
added 2021/02/15 11:15 a.m. · 2 views

DEBIAN-CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

5.3 CVSS · 6.5 AI score · 0.00245 EPSS
Exploits: 1 · References: 1
Snyk
added 2020/10/16 4:47 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. PoC: var lo = require('lodash'); function buildblank(n) { var ret = "1"; for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = buildblank(50000); var...

5.3 CVSS · 7.9 AI score · 0.00245 EPSS
Exploits: 1 · References: 2