Vulnerabilities > Oracle > Communications Cloud Native Core Policy > 1.11.0

DATE CVE VULNERABILITY TITLE RISK
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
7.2
7.2
2021-02-15 CVE-2020-28500 Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
network
low complexity
lodash oracle siemens
5.3
5.3
2020-07-15 CVE-2020-8203 Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
network
high complexity
lodash oracle
7.4
7.4