CVE-2020-28500

Published: 15/02/2021 Updated: 13/09/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Lodash versions before 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Vulnerable Product

lodash lodash

oracle primavera unifier 18.8

oracle primavera unifier

oracle peoplesoft enterprise peopletools 8.58

oracle primavera unifier 19.12

oracle retail customer management and segmentation foundation 19.0

oracle communications services gatekeeper 7.0

oracle enterprise communications broker 3.2.0

oracle primavera unifier 20.12

oracle banking extensibility workbench 14.3.0

oracle banking trade finance process management 14.3.0

oracle banking credit facilities process management 14.3.0

oracle banking corporate lending process management 14.3.0

oracle peoplesoft enterprise peopletools 8.59

oracle primavera gateway

oracle communications session border controller 8.4

oracle communications session border controller 9.0

oracle banking supply chain finance 14.2.0

oracle banking trade finance process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.5.0

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.5.0

oracle banking supply chain finance 14.5.0

oracle banking supply chain finance 14.3.0

oracle banking trade finance process management 14.2.0

oracle communications design studio 7.4.2

oracle banking extensibility workbench 14.2.0

oracle banking extensibility workbench 14.5.0

oracle enterprise communications broker 3.3.0

oracle communications cloud native core policy 1.11.0

oracle jd edwards enterpriseone tools

oracle health sciences data management workbench 2.5.2.1

oracle health sciences data management workbench 3.0.0.0

oracle financial services crime and compliance management studio 8.0.8.3.0

oracle financial services crime and compliance management studio 8.0.8.2.0

siemens sinec ins 1.0

siemens sinec ins

Vendor Advisories

Synopsis: Important: Migration Toolkit for Containers (MTC) 174 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: The Migration Toolkit for Containers (MTC) 174 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Debian Bug report logs - #985086: CVE-2021-23337 CVE-2020-28500. Package: node-lodash; Maintainer for node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-lodash is src:node-lodash (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 1 ...

ICS Advisories

Github Repositories

A sample application with known vulnerabilities - JavaScript, Express

A sample application with known issues for testing various linters, scanners, and scan automation.

This project uses:

Platform: NodeJS
Language(s): JavaScript (ECMAScript)
Build: npm
Framework: Express

Security issues (columns: Vulnerability Type, Description, Location, PoC Command): Cros