Vulnerabilities > Lodash

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
6.5
6.5
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.0
5.0
2020-07-15 CVE-2020-8203 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
network
high complexity
lodash oracle
7.4
7.4
2019-07-26 CVE-2019-10744 Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution.
network
low complexity
lodash netapp redhat oracle f5
critical
 9.1
9.1
2019-07-17 CVE-2019-1010266 Resource Exhaustion vulnerability in Lodash
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption.
network
low complexity
lodash CWE-400
4.0
4.0
2019-02-01 CVE-2018-16487 Resource Exhaustion vulnerability in Lodash
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
network
low complexity
lodash CWE-400
6.8
6.8
2018-06-07 CVE-2018-3721 lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
network
low complexity
lodash netapp
6.5
6.5