Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2020-8203

CVSSv4: NA | CVSSv3: 7.4 | CVSSv2: 5.8 | VMScore: 840 | EPSS: 0.01012 | KEV: Not Included
Published: 15/07/2020 Updated: 21/11/2024

Vulnerability Summary

Prototype pollution attack when using _.zipObjectDeep in lodash prior to 4.17.20.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

lodash lodash

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.3.0

oracle banking corporate lending process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.3.0

oracle banking credit facilities process management 14.5.0

oracle banking extensibility workbench 14.2.0

oracle banking extensibility workbench 14.3.0

oracle banking extensibility workbench 14.5.0

oracle banking liquidity management 14.2.0

oracle banking liquidity management 14.3.0

oracle banking liquidity management 14.5.0

oracle banking supply chain finance 14.2.0

oracle banking supply chain finance 14.3.0

oracle banking supply chain finance 14.5.0

oracle banking trade finance process management 14.2.0

oracle banking trade finance process management 14.3.0

oracle banking trade finance process management 14.5.0

oracle banking virtual account management 14.2.0

oracle banking virtual account management 14.3.0

oracle banking virtual account management 14.5.0

oracle blockchain platform

oracle communications billing and revenue management 7.5.0.23.0

oracle communications billing and revenue management 12.0.0.3.0

oracle communications cloud native core policy 1.11.0

oracle communications session border controller 8.4

oracle communications session border controller 9.0

oracle communications session border controller cz8.4

oracle communications session router cz8.4

oracle communications subscriber-aware load balancer cz8.3

oracle communications subscriber-aware load balancer cz8.4

oracle enterprise communications broker 3.2.0

oracle enterprise communications broker 3.3.0

oracle enterprise communications broker pcz3.3

oracle jd edwards enterpriseone tools

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle primavera gateway

Vendor Advisories

Debian CVElist Bug Report Logs: node-lodash: CVE-2020-8203
Debian Bug report logs - #965283 node-lodash: CVE-2020-8203 Package: src:node-lodash; Maintainer for src:node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 18 Jul 2020 20:09:02 UTC Severity: grave Tags: security ...
Red Hat: Low: Red Hat Virtualization security, bug fix, and enhancement update
Synopsis Low: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat Virtualization Engine 44Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System ...
Red Hat: Important: Red Hat Virtualization security, bug fix, and enhancement update
Synopsis Important: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for cockpit-ovirt, redhat-release-virtualization-host, redhat-virtualization-host, and v2v-conversion-host is now available for Red Hat Virtualization 4 for Red Hat ...
Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update
Synopsis Moderate: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Virtualization Engine 44Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...
Red Hat: Moderate: Red Hat OpenShift Service Mesh security update
Synopsis Moderate: Red Hat OpenShift Service Mesh security update Type/Severity Security Advisory: Moderate Topic An update is now available for OpenShift Service Mesh 11Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Github Repositories

https://github.com/rtfeldman/node-elm-compiler

A Node.js interface to the Elm compiler binaries.

node-elm-compiler Wraps Elm and exposes a Node API to compile Elm 019 sources Example $ npm install $ cd examples $ node compileHelloWorldjs Releases 505 Upgrade find-elm-dependencies and lodash dependencies to fix CVE-2020-8203 vulnerability 502 Upgrade lodash dependency to fix security audit warning (#93) 501 Add helpful er

https://github.com/IgorNMS/Invisible-Ink

Resolução Resolução desse CTF e bem simples, ele nos mostra como se aproveitar de uma falha chamada Prototype Pollution wwwcveorg/CVERecord?id=CVE-2020-8203 Pra resolver basta fazer uma requisição post com o objeto proto Ex: curl --location 'invisible-inkcctf-snykio/echo' --header 'Content-Type: appl

https://github.com/batteryshark/OSSam

An Agent Team built on smolagents to perform Third-Party Package Analysis

OSSam - Open Source Software Assessment and Management Tool OSSam is a comprehensive toolkit for analyzing open-source software packages for both general information and security concerns It helps developers, security researchers, and organizations make informed decisions about the open-source packages they want to incorporate into their projects Features OSSam provides

References

CWE-770CWE-1321https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283https://nvd.nist.govhttps://github.com/rtfeldman/node-elm-compilerhttps://www.first.org/epsshttps://github.com/lodash/lodash/issues/4874https://hackerone.com/reports/712065https://security.netapp.com/advisory/ntap-20200724-0006/https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://github.com/lodash/lodash/issues/4874https://hackerone.com/reports/712065https://security.netapp.com/advisory/ntap-20200724-0006/https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-2308typo3CVE-2025-29387CVE-2024-12019cache poisoningCVE-2025-24472fortinacunspecifiedspringboot-openai-chatgptbypassCVE-2024-55591CVE-2025-1624tianocore
Home
/
Search Results
/
CVE-2020-8203
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook