CVE-2020-28500

CVSSv4: NA | CVSSv3: 5.3 | CVSSv2: 5 | VMScore: 630 | EPSS: 0.00204 | KEV: Not Included
Published: 15/02/2021 Updated: 21/11/2024

Vulnerability Summary

Lodash versions before 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Vulnerability Trend

Vulnerable Product Search on Vulmon

lodash lodash

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.3.0

oracle banking corporate lending process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.3.0

oracle banking credit facilities process management 14.5.0

oracle banking extensibility workbench 14.2.0

oracle banking extensibility workbench 14.3.0

oracle banking extensibility workbench 14.5.0

oracle banking supply chain finance 14.2.0

oracle banking supply chain finance 14.3.0

oracle banking supply chain finance 14.5.0

oracle banking trade finance process management 14.2.0

oracle banking trade finance process management 14.3.0

oracle banking trade finance process management 14.5.0

oracle communications cloud native core policy 1.11.0

oracle communications design studio 7.4.2

oracle communications services gatekeeper 7.0

oracle communications session border controller 8.4

oracle communications session border controller 9.0

oracle enterprise communications broker 3.2.0

oracle enterprise communications broker 3.3.0

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

oracle health sciences data management workbench 2.5.2.1

oracle health sciences data management workbench 3.0.0.0

oracle jd edwards enterpriseone tools

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle primavera gateway

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle retail customer management and segmentation foundation 19.0

siemens sinec ins

siemens sinec ins 1.0

Vendor Advisories

Synopsis: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Debian Bug report logs - #985086 CVE-2021-23337 CVE-2020-28500. Package: node-lodash; Maintainer for node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-lodash is src:node-lodash (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 1 ...

ICS Advisories

Github Repositories

A sample application with known vulnerabilities - JavaScript, Express

A sample application with known issues for testing various linters, scanners, and scan automation. This project uses: Platform: NodeJS; Language(s): JavaScript (ECMAScript); Build: npm; Framework: Express. Security issues (Vulnerability Type | Description | Location | PoC Command): Cros ...

References

CWE: NVD-CWE-Other
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2022:6429
https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05
https://github.com/the-scan-project/tsp-vulnerable-app-nodejs-express
https://www.first.org/epss
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
https://github.com/lodash/lodash/pull/5065
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html