
5 matches found

GitHub Security Blog
added 2022/01/06 8:30 p.m., 209 views

Regular Expression Denial of Service (ReDoS) in lodash

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce provided by reporter Liyuan Chen: var lo = require('lodash'); function buildblank(n) { var ret = "1"; for (var i = 0; i < n; i++) { r...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00245
Exploits: 1, References: 20, Affected Software: 5
RedHat Linux
added 2021/06/01 1:24 p.m., 0 views

nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00245
Exploits: 1, References: 5
OSV
added 2021/02/15 11:15 a.m., 2 views

DEBIAN-CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00245
Exploits: 1, References: 1
OSV
added 2021/02/15 11:15 a.m., 0 views

UBUNTU-CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00245
Exploits: 1, References: 9
Snyk
added 2020/10/16 4:47 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. PoC: var lo = require('lodash'); function buildblank(n) { var ret = "1"; for (var i = 0; i < n; i++) { ret += " "; } return ret + "1"; } var s = buildblank(50000); var...

CVSS: 5.3, AI score: 7.9, EPSS: 0.00245
Exploits: 1, References: 2