Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-3721

Source

Debian Bug report logs - #890575
node-lodash: CVE-2018-3721: Prototype pollution in utilities function

Package: src:node-lodash; Maintainer for src:node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 16 Feb 2018 06:27:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version node-lodash/4.17.4+dfsg-1

Fixed in versions debian/4.17.11+dfsg-1, node-lodash/4.17.11+dfsg-1

Done: Xavier <yadd@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#890575; Package src:node-lodash. (Fri, 16 Feb 2018 06:27:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Fri, 16 Feb 2018 06:27:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: node-lodash
Version: 4.17.4+dfsg-1
Severity: important
Tags: patch security upstream

Hi,

the following vulnerability was published for node-lodash.

CVE-2018-3721[0]:
Prototype pollution in utilities function

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3721
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721
[1] https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#890575; Package src:node-lodash. (Mon, 18 Feb 2019 14:54:03 GMT) (full text, mbox, link).

Acknowledgement sent to Xavier <yadd@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Mon, 18 Feb 2019 14:54:03 GMT) (full text, mbox, link).

Message #10 received at 890575@bugs.debian.org (full text, mbox, reply):

Control: fixed -1 4.17.11+dfsg-1

CVE-2018-3721 has been fixed in lodash 4.17.5.

Cheers,
Xavier

Marked as fixed in versions node-lodash/4.17.11+dfsg-1. Request was from Xavier <yadd@debian.org> to 890575-submit@bugs.debian.org. (Mon, 18 Feb 2019 14:54:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>:
Bug#890575; Package src:node-lodash. (Mon, 18 Feb 2019 14:57:02 GMT) (full text, mbox, link).

Acknowledgement sent to Xavier <xavier.guimard@laposte.net>:
Extra info received and forwarded to list. Copy sent to Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>. (Mon, 18 Feb 2019 14:57:02 GMT) (full text, mbox, link).

Message #17 received at 890575@bugs.debian.org (full text, mbox, reply):

Control: fixed -1 debian/4.17.11+dfsg-1

This vulnerability (CVE-2018-3721) has been fixed in lodash 4.17.5.

Cheers,
Xavier

Marked as fixed in versions debian/4.17.11+dfsg-1. Request was from Xavier <xavier.guimard@laposte.net> to 890575-submit@bugs.debian.org. (Mon, 18 Feb 2019 14:57:03 GMT) (full text, mbox, link).

Reply sent to Xavier <yadd@debian.org>:
You have taken responsibility. (Mon, 18 Feb 2019 15:09:03 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 18 Feb 2019 15:09:03 GMT) (full text, mbox, link).

Message #24 received at 890575-done@bugs.debian.org (full text, mbox, reply):

Closing

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 28 Mar 2019 07:33:06 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:17:05 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

node-lodash: CVE-2018-3721: Prototype pollution in utilities function

Debian Bug report logs - #890575
node-lodash: CVE-2018-3721: Prototype pollution in utilities function

Vulmon Search

About

Products

Connect

node-lodash: CVE-2018-3721: Prototype pollution in utilities function

Debian Bug report logs - #890575 node-lodash: CVE-2018-3721: Prototype pollution in utilities function

Vulmon Search

About

Products

Connect

Debian Bug report logs - #890575
node-lodash: CVE-2018-3721: Prototype pollution in utilities function