Vulmon
lodash lodash vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-1010266
lodash before 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed...
Lodash Lodash
1 Github repository
5.6
CVSSv3
CVE-2018-16487
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Lodash Lodash
4 Github repositories
6.5
CVSSv3
CVE-2018-3721
lodash node module prior to 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modif...
Lodash Lodash
Netapp Active Iq Unified Manager -
Netapp System Manager 9.0
2 Github repositories
9.1
CVSSv3
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Lodash Lodash
Netapp Active Iq Unified Manager -
Netapp Service Level Manager -
Redhat Virtualization Manager 4.3
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Extensibility Workbench 14.4.0
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Analytics
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Application Visibility And Reporting
4 Github repositories
5.3
CVSSv3
CVE-2020-28500
Lodash versions before 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Lodash Lodash
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Extensibility Workbench 14.2.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Extensibility Workbench 14.5.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Supply Chain Finance 14.3.0
1 Github repository
7.4
CVSSv3
CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash prior to 4.17.20.
Lodash Lodash
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Extensibility Workbench 14.2.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Extensibility Workbench 14.5.0
Oracle Banking Liquidity Management 14.2.0
Oracle Banking Liquidity Management 14.3.0
1 Github repository
7.2
CVSSv3
CVE-2021-23337
Lodash versions before 4.17.21 are vulnerable to Command Injection via the template function.
Lodash Lodash
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Extensibility Workbench 14.2.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Extensibility Workbench 14.5.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Supply Chain Finance 14.3.0
6 Github repositories
5.4
CVSSv3
CVE-2020-10790
openITCOCKPIT prior to 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
It-novum Openitcockpit
9.8
CVSSv3
CVE-2024-38986
Prototype Pollution in 75lb deep-merge 1.1.1 allows malicious users to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.
75lb Deep-merge 1.1.1
8.8
CVSSv3
CVE-2019-19771
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.
Lodahs Project Lodahs 1.0.0