Published: 15/07/2020 Updated: 21/01/2024

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

VMScore: 517

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Prototype pollution attack when using _.zipObjectDeep in lodash prior to 4.17.20.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lodash lodash
oracle peoplesoft enterprise peopletools 8.58
oracle communications billing and revenue management 12.0.0.3.0
oracle communications billing and revenue management 7.5.0.23.0
oracle enterprise communications broker 3.2.0
oracle banking extensibility workbench 14.3.0
oracle banking virtual account management 14.3.0
oracle banking trade finance process management 14.3.0
oracle banking credit facilities process management 14.3.0
oracle banking corporate lending process management 14.3.0
oracle peoplesoft enterprise peopletools 8.59
oracle primavera gateway
oracle enterprise communications broker pcz3.3
oracle communications subscriber-aware load balancer cz8.3
oracle communications subscriber-aware load balancer cz8.4
oracle communications session router cz8.4
oracle communications session border controller cz8.4
oracle communications session border controller 8.4
oracle communications session border controller 9.0
oracle banking virtual account management 14.2.0
oracle banking virtual account management 14.5.0
oracle banking supply chain finance 14.2.0
oracle banking trade finance process management 14.5.0
oracle banking credit facilities process management 14.2.0
oracle banking credit facilities process management 14.5.0
oracle banking corporate lending process management 14.2.0
oracle banking corporate lending process management 14.5.0
oracle banking supply chain finance 14.5.0
oracle banking supply chain finance 14.3.0
oracle banking trade finance process management 14.2.0
oracle banking extensibility workbench 14.2.0
oracle banking extensibility workbench 14.5.0
oracle enterprise communications broker 3.3.0
oracle communications cloud native core policy 1.11.0
oracle banking liquidity management 14.2.0
oracle banking liquidity management 14.5.0
oracle banking liquidity management 14.3.0
oracle jd edwards enterpriseone tools
oracle blockchain platform

Debian Bug report logs - #965283 node-lodash: CVE-2020-8203 Package: src:node-lodash; Maintainer for src:node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 18 Jul 2020 20:09:02 UTC Severity: grave Tags: security ...

Synopsis Important: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for cockpit-ovirt, redhat-release-virtualization-host, redhat-virtualization-host, and v2v-conversion-host is now available for Red Hat Virtualization 4 for Red Hat ...

Synopsis Low: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat Virtualization Engine 44Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System ...

Synopsis Moderate: Red Hat OpenShift Service Mesh security update Type/Severity Security Advisory: Moderate Topic An update is now available for OpenShift Service Mesh 11Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) bas ...

Synopsis Moderate: OpenShift Container Platform 461 image security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat OpenShift Container Platform 46Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability S ...

Synopsis Moderate: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat Virtualization Engine 44Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

A Node.js interface to the Elm compiler binaries.

node-elm-compiler Wraps Elm and exposes a Node API to compile Elm 019 sources Example $ npm install $ cd examples $ node compileHelloWorldjs Releases 505 Upgrade find-elm-dependencies and lodash dependencies to fix CVE-2020-8203 vulnerability 502 Upgrade lodash dependency to fix security audit warning (#93) 501 Add helpful er

Resolução Resolução desse CTF e bem simples, ele nos mostra como se aproveitar de uma falha chamada Prototype Pollution wwwcveorg/CVERecord?id=CVE-2020-8203 Pra resolver basta fazer uma requisição post com o objeto proto Ex: curl --location 'invisible-inkcctf-snykio/echo' --header 'Content-Type: appl

CWE-1321 https://hackerone.com/reports/712065 https://security.netapp.com/advisory/ntap-20200724-0006/https://github.com/lodash/lodash/issues/4874 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuapr2022.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283 https://nvd.nist.gov https://github.com/rtfeldman/node-elm-compiler

CVE-2020-8203

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect