Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lodash lodash vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-1010266
lodash before 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed...
Lodash Lodash
1 Github repository
5.6
CVSSv3
CVE-2018-16487
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Lodash Lodash
6 Github repositories
6.5
CVSSv3
CVE-2018-3721
lodash node module prior to 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modif...
Lodash Lodash
Netapp Active Iq Unified Manager -
Netapp System Manager 9.0
3 Github repositories
9.1
CVSSv3
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Lodash Lodash
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
Redhat Virtualization Manager 4.3
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
F5 Big-iq Centralized Management
F5 Iworkflow 2.3.0
F5 Big-iq Centralized Management 7.0.0
F5 Big-ip Analytics
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Edge Gateway
F5 Big-ip Webaccelerator
6 Github repositories
7.4
CVSSv3
CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash prior to 4.17.20.
Lodash Lodash
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Enterprise Communications Broker 3.2.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Virtual Account Management 14.3.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Enterprise Communications Broker Pcz3.3
Oracle Communications Subscriber-aware Load Balancer Cz8.3
Oracle Communications Subscriber-aware Load Balancer Cz8.4
Oracle Communications Session Router Cz8.4
Oracle Communications Session Border Controller Cz8.4
Oracle Communications Session Border Controller 8.4
Oracle Communications Session Border Controller 9.0
Oracle Banking Virtual Account Management 14.2.0
Oracle Banking Virtual Account Management 14.5.0
Oracle Banking Supply Chain Finance 14.2.0
2 Github repositories
5.3
CVSSv3
CVE-2020-28500
Lodash versions before 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Lodash Lodash
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Communications Services Gatekeeper 7.0
Oracle Enterprise Communications Broker 3.2.0
Oracle Primavera Unifier 20.12
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Communications Session Border Controller 8.4
Oracle Communications Session Border Controller 9.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Trade Finance Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
1 Github repository
7.2
CVSSv3
CVE-2021-23337
Lodash versions before 4.17.21 are vulnerable to Command Injection via the template function.
Lodash Lodash
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Communications Services Gatekeeper 7.0
Oracle Enterprise Communications Broker 3.2.0
Oracle Primavera Unifier 20.12
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Trade Finance Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Communications Session Border Controller 8.4
Oracle Communications Session Border Controller 9.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Trade Finance Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Corporate Lending Process Management 14.2.0
8 Github repositories
5.4
CVSSv3
CVE-2020-10790
openITCOCKPIT prior to 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
It-novum Openitcockpit
8.8
CVSSv3
CVE-2019-19771
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.
Lodahs Project Lodahs 1.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started