9 matches found
Lodash < 4.17.11 Prototype Pollution
According to its self-reported version number, Lodash is prior to 4.17.11. It is, therefore, affected by a prototype pollution vulnerability in the functions merge, mergeWith and defaultsDeep which could be tricked into adding or modifying properties of Object.prototype using a constructor payloa...
AZL-45159 CVE-2019-1010266 affecting package js-jquery 3.5.0-4
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
CVE-2019-1010266
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
Denial of service
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
UBUNTU-CVE-2019-1010266
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
CVE-2019-1010266
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is:...
GHSA-4XC9-XHRJ-V574 Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing propert...
PT-2018-3812
Name of the Vulnerable Software and Affected Versions lodash versions prior to 4.17.11 Description A prototype pollution issue was discovered in the merge, mergeWith, and defaultsDeep functions of the lodash library. This issue can be exploited to add or modify properties of Object.prototype. The...
[SECURITY] Fedora 28 Update: kernel-4.17.11-200.fc28
The kernel meta package...