Lookup for vulnerable packages by Package URL.

Purl pkg:gem/lodash-rails@4.17.15
Type gem
Namespace
Name lodash-rails
Version 4.17.15
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.17.21
Latest_non_vulnerable_version 4.17.21
Affected_by_vulnerabilities
0
url VCID-44qf-p2rd-6qay
vulnerability_id VCID-44qf-p2rd-6qay
summary
Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions `pick`, `set`, `setWith`, `update`, `updateWith`, and `zipObjectDeep` allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.

This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8203
reference_id
reference_type
scores
0
value 0.0322
scoring_system epss
scoring_elements 0.87064
published_at 2026-04-21T12:55:00Z
1
value 0.0322
scoring_system epss
scoring_elements 0.87068
published_at 2026-04-18T12:55:00Z
2
value 0.0357
scoring_system epss
scoring_elements 0.87669
published_at 2026-04-01T12:55:00Z
3
value 0.0357
scoring_system epss
scoring_elements 0.87723
published_at 2026-04-13T12:55:00Z
4
value 0.0357
scoring_system epss
scoring_elements 0.87725
published_at 2026-04-12T12:55:00Z
5
value 0.0357
scoring_system epss
scoring_elements 0.87732
published_at 2026-04-11T12:55:00Z
6
value 0.0357
scoring_system epss
scoring_elements 0.87721
published_at 2026-04-09T12:55:00Z
7
value 0.0357
scoring_system epss
scoring_elements 0.87714
published_at 2026-04-08T12:55:00Z
8
value 0.0357
scoring_system epss
scoring_elements 0.87694
published_at 2026-04-07T12:55:00Z
9
value 0.0357
scoring_system epss
scoring_elements 0.87691
published_at 2026-04-04T12:55:00Z
10
value 0.0357
scoring_system epss
scoring_elements 0.87679
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8203
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
3
reference_url https://github.com/advisories/GHSA-p6mc-m468-83gw
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6mc-m468-83gw
4
reference_url https://github.com/github/advisory-database/pull/2884
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2884
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
7
reference_url https://github.com/lodash/lodash/issues/4744
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/4744
8
reference_url https://github.com/lodash/lodash/issues/4874
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/4874
9
reference_url https://github.com/lodash/lodash/wiki/Changelog#v41719
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/wiki/Changelog#v41719
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
11
reference_url https://hackerone.com/reports/712065
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/712065
12
reference_url https://hackerone.com/reports/864701
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/864701
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8203
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8203
14
reference_url https://security.netapp.com/advisory/ntap-20200724-0006
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0006
15
reference_url https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857412
reference_id 1857412
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857412
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
reference_id 965283
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
18
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
19
reference_url https://access.redhat.com/errata/RHSA-2020:3370
reference_id RHSA-2020:3370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3370
20
reference_url https://access.redhat.com/errata/RHSA-2020:3807
reference_id RHSA-2020:3807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3807
21
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
22
reference_url https://access.redhat.com/errata/RHSA-2020:5179
reference_id RHSA-2020:5179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5179
23
reference_url https://access.redhat.com/errata/RHSA-2020:5611
reference_id RHSA-2020:5611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5611
24
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:gem/lodash-rails@4.17.19
purl pkg:gem/lodash-rails@4.17.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/lodash-rails@4.17.19
aliases CVE-2020-8203, GHSA-p6mc-m468-83gw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44qf-p2rd-6qay
1
url VCID-e3y9-r7uz-pkfg
vulnerability_id VCID-e3y9-r7uz-pkfg
summary
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions.

Steps to reproduce (provided by reporter Liyuan Chen):
```js
var lo = require('lodash');

// Builds a string of the form "1" + n spaces + "1": the long run of
// whitespace between two non-space characters is the input that makes
// the affected trim/toNumber/trimEnd regexes backtrack excessively.
function build_blank(n) {
  var ret = "1";
  for (var i = 0; i < n; i++) {
    ret += " ";
  }
  return ret + "1";
}

var s = build_blank(50000);

// Time each affected function separately on the same input.
var time0 = Date.now();
lo.trim(s);
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);

var time1 = Date.now();
lo.toNumber(s);
var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);

var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28500
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47815
published_at 2026-04-18T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47823
published_at 2026-04-16T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47768
published_at 2026-04-21T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47758
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47782
published_at 2026-04-11T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.47761
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47706
published_at 2026-04-07T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-09T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47737
published_at 2026-04-02T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47699
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28500
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
4
reference_url https://github.com/github/advisory-database/pull/6139
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6139
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
7
reference_url https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
8
reference_url https://github.com/lodash/lodash/pull/5065
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/5065
9
reference_url https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
10
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
15
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
16
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1018905
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1018905
17
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
18
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
19
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928954
reference_id 1928954
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928954
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28500
reference_id CVE-2020-28500
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28500
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
reference_id CVE-2020-28500.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
25
reference_url https://github.com/advisories/GHSA-29mw-wpgm-hmr9
reference_id GHSA-29mw-wpgm-hmr9
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29mw-wpgm-hmr9
26
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
27
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
28
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
29
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
30
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
fixed_packages
0
url pkg:gem/lodash-rails@4.17.21
purl pkg:gem/lodash-rails@4.17.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/lodash-rails@4.17.21
aliases CVE-2020-28500, GHSA-29mw-wpgm-hmr9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3y9-r7uz-pkfg
2
url VCID-fhw1-4c1k-sfh3
vulnerability_id VCID-fhw1-4c1k-sfh3
summary
Command Injection in lodash
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64288
published_at 2026-04-04T12:55:00Z
1
value 0.00463
scoring_system epss
scoring_elements 0.64248
published_at 2026-04-07T12:55:00Z
2
value 0.00463
scoring_system epss
scoring_elements 0.64203
published_at 2026-04-01T12:55:00Z
3
value 0.00463
scoring_system epss
scoring_elements 0.6426
published_at 2026-04-02T12:55:00Z
4
value 0.04314
scoring_system epss
scoring_elements 0.88899
published_at 2026-04-13T12:55:00Z
5
value 0.04314
scoring_system epss
scoring_elements 0.88893
published_at 2026-04-09T12:55:00Z
6
value 0.04314
scoring_system epss
scoring_elements 0.88905
published_at 2026-04-11T12:55:00Z
7
value 0.04314
scoring_system epss
scoring_elements 0.88908
published_at 2026-04-21T12:55:00Z
8
value 0.04314
scoring_system epss
scoring_elements 0.88911
published_at 2026-04-18T12:55:00Z
9
value 0.04314
scoring_system epss
scoring_elements 0.88913
published_at 2026-04-16T12:55:00Z
10
value 0.04314
scoring_system epss
scoring_elements 0.88888
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
4
reference_url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
7
reference_url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
10
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
15
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
16
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
17
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
18
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
19
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
reference_id 1928937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
23
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
24
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
25
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
26
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
27
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
28
reference_url https://access.redhat.com/errata/RHSA-2026:7329
reference_id RHSA-2026:7329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7329
fixed_packages
0
url pkg:gem/lodash-rails@4.17.21
purl pkg:gem/lodash-rails@4.17.21
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/lodash-rails@4.17.21
aliases CVE-2021-23337, GHSA-35jh-r3h4-6jhm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhw1-4c1k-sfh3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/lodash-rails@4.17.15