Vulnerabilities > Lodash > Medium

DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR / COMPLEXITY | TAGS | RISK
--- | --- | --- | --- | --- | ---
2021-02-15 | CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | network, low complexity | lodash, oracle, siemens | 5.3
2019-07-17 | CVE-2019-1010266 | Allocation of Resources Without Limits or Throttling vulnerability in Lodash. lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. | network, low complexity | lodash, CWE-770 | 6.5
2019-02-01 | CVE-2018-16487 | Unspecified vulnerability in Lodash. A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | network, high complexity | lodash | 5.6
2018-06-07 | CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | network, low complexity | lodash, netapp | 6.5