Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/lodash-es@3.10.0
Typenpm
Namespace
Namelodash-es
Version3.10.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.18.0
Latest_non_vulnerable_version4.18.0
Affected_by_vulnerabilities
0
url VCID-44qf-p2rd-6qay
vulnerability_id VCID-44qf-p2rd-6qay
summary 
Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions `pick`, `set`, `setWith`, `update`, `updateWith`, and `zipObjectDeep` allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.

This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8203
reference_id
reference_type
scores
0
value 0.0322
scoring_system epss
scoring_elements 0.87064
published_at 2026-04-21T12:55:00Z
1
value 0.0322
scoring_system epss
scoring_elements 0.87068
published_at 2026-04-18T12:55:00Z
2
value 0.0357
scoring_system epss
scoring_elements 0.87669
published_at 2026-04-01T12:55:00Z
3
value 0.0357
scoring_system epss
scoring_elements 0.87723
published_at 2026-04-13T12:55:00Z
4
value 0.0357
scoring_system epss
scoring_elements 0.87725
published_at 2026-04-12T12:55:00Z
5
value 0.0357
scoring_system epss
scoring_elements 0.87732
published_at 2026-04-11T12:55:00Z
6
value 0.0357
scoring_system epss
scoring_elements 0.87721
published_at 2026-04-09T12:55:00Z
7
value 0.0357
scoring_system epss
scoring_elements 0.87714
published_at 2026-04-08T12:55:00Z
8
value 0.0357
scoring_system epss
scoring_elements 0.87694
published_at 2026-04-07T12:55:00Z
9
value 0.0357
scoring_system epss
scoring_elements 0.87691
published_at 2026-04-04T12:55:00Z
10
value 0.0357
scoring_system epss
scoring_elements 0.87679
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8203
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
3
reference_url https://github.com/advisories/GHSA-p6mc-m468-83gw
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p6mc-m468-83gw
4
reference_url https://github.com/github/advisory-database/pull/2884
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/2884
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
7
reference_url https://github.com/lodash/lodash/issues/4744
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/4744
8
reference_url https://github.com/lodash/lodash/issues/4874
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/issues/4874
9
reference_url https://github.com/lodash/lodash/wiki/Changelog#v41719
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/wiki/Changelog#v41719
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml
11
reference_url https://hackerone.com/reports/712065
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/712065
12
reference_url https://hackerone.com/reports/864701
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/864701
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8203
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8203
14
reference_url https://security.netapp.com/advisory/ntap-20200724-0006
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200724-0006
15
reference_url https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1857412
reference_id 1857412
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1857412
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
reference_id 965283
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
18
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
19
reference_url https://access.redhat.com/errata/RHSA-2020:3370
reference_id RHSA-2020:3370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3370
20
reference_url https://access.redhat.com/errata/RHSA-2020:3807
reference_id RHSA-2020:3807
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3807
21
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
22
reference_url https://access.redhat.com/errata/RHSA-2020:5179
reference_id RHSA-2020:5179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5179
23
reference_url https://access.redhat.com/errata/RHSA-2020:5611
reference_id RHSA-2020:5611
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5611
24
reference_url https://access.redhat.com/errata/RHSA-2021:3917
reference_id RHSA-2021:3917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3917
fixed_packages
0
url pkg:npm/lodash-es@4.17.20
purl pkg:npm/lodash-es@4.17.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-e3y9-r7uz-pkfg
1
vulnerability VCID-fhw1-4c1k-sfh3
2
vulnerability VCID-jsc5-qvjm-6kek
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.20
aliases CVE-2020-8203, GHSA-p6mc-m468-83gw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44qf-p2rd-6qay
1
url VCID-dzeb-zu9x-g3bq
vulnerability_id VCID-dzeb-zu9x-g3bq
summary 
Prototype Pollution in lodash
Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution.  The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3024
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3024
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10744.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10744.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10744
reference_id
reference_type
scores
0
value 0.03254
scoring_system epss
scoring_elements 0.87132
published_at 2026-04-12T12:55:00Z
1
value 0.03254
scoring_system epss
scoring_elements 0.87145
published_at 2026-04-21T12:55:00Z
2
value 0.03254
scoring_system epss
scoring_elements 0.87148
published_at 2026-04-18T12:55:00Z
3
value 0.03254
scoring_system epss
scoring_elements 0.87143
published_at 2026-04-16T12:55:00Z
4
value 0.03254
scoring_system epss
scoring_elements 0.87127
published_at 2026-04-13T12:55:00Z
5
value 0.03254
scoring_system epss
scoring_elements 0.87075
published_at 2026-04-01T12:55:00Z
6
value 0.03254
scoring_system epss
scoring_elements 0.87086
published_at 2026-04-02T12:55:00Z
7
value 0.03254
scoring_system epss
scoring_elements 0.87103
published_at 2026-04-04T12:55:00Z
8
value 0.03254
scoring_system epss
scoring_elements 0.87097
published_at 2026-04-07T12:55:00Z
9
value 0.03254
scoring_system epss
scoring_elements 0.87117
published_at 2026-04-08T12:55:00Z
10
value 0.03254
scoring_system epss
scoring_elements 0.87124
published_at 2026-04-09T12:55:00Z
11
value 0.03254
scoring_system epss
scoring_elements 0.87137
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10744
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10744
4
reference_url https://github.com/lodash/lodash/pull/4336
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/4336
5
reference_url https://security.netapp.com/advisory/ntap-20191004-0005
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191004-0005
6
reference_url https://security.netapp.com/advisory/ntap-20191004-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191004-0005/
7
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-450202
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-450202
8
reference_url https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS
9
reference_url https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
10
reference_url https://www.npmjs.com/advisories/1065
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/1065
11
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1739497
reference_id 1739497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1739497
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079
reference_id 933079
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933079
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10744
reference_id CVE-2019-10744
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10744
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml
reference_id CVE-2019-10744.YML
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-10744.yml
17
reference_url https://github.com/advisories/GHSA-jf85-cpcp-j695
reference_id GHSA-jf85-cpcp-j695
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jf85-cpcp-j695
18
reference_url https://access.redhat.com/errata/RHSA-2020:2362
reference_id RHSA-2020:2362
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2362
19
reference_url https://access.redhat.com/errata/RHSA-2020:2819
reference_id RHSA-2020:2819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2819
20
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
21
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
fixed_packages
0
url pkg:npm/lodash-es@4.17.14
purl pkg:npm/lodash-es@4.17.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44qf-p2rd-6qay
1
vulnerability VCID-e3y9-r7uz-pkfg
2
vulnerability VCID-fhw1-4c1k-sfh3
3
vulnerability VCID-jsc5-qvjm-6kek
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.14
aliases CVE-2019-10744, GHSA-jf85-cpcp-j695
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dzeb-zu9x-g3bq
2
url VCID-fhw1-4c1k-sfh3
vulnerability_id VCID-fhw1-4c1k-sfh3
summary 
Command Injection in lodash
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64288
published_at 2026-04-04T12:55:00Z
1
value 0.00463
scoring_system epss
scoring_elements 0.64248
published_at 2026-04-07T12:55:00Z
2
value 0.00463
scoring_system epss
scoring_elements 0.64203
published_at 2026-04-01T12:55:00Z
3
value 0.00463
scoring_system epss
scoring_elements 0.6426
published_at 2026-04-02T12:55:00Z
4
value 0.04314
scoring_system epss
scoring_elements 0.88899
published_at 2026-04-13T12:55:00Z
5
value 0.04314
scoring_system epss
scoring_elements 0.88893
published_at 2026-04-09T12:55:00Z
6
value 0.04314
scoring_system epss
scoring_elements 0.88905
published_at 2026-04-11T12:55:00Z
7
value 0.04314
scoring_system epss
scoring_elements 0.88908
published_at 2026-04-21T12:55:00Z
8
value 0.04314
scoring_system epss
scoring_elements 0.88911
published_at 2026-04-18T12:55:00Z
9
value 0.04314
scoring_system epss
scoring_elements 0.88913
published_at 2026-04-16T12:55:00Z
10
value 0.04314
scoring_system epss
scoring_elements 0.88888
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
4
reference_url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
7
reference_url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
10
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
15
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
16
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
17
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
18
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
19
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
reference_id 1928937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
23
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
24
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
25
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
26
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
27
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
28
reference_url https://access.redhat.com/errata/RHSA-2026:7329
reference_id RHSA-2026:7329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7329
fixed_packages
0
url pkg:npm/lodash-es@4.17.21
purl pkg:npm/lodash-es@4.17.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jsc5-qvjm-6kek
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.21
aliases CVE-2021-23337, GHSA-35jh-r3h4-6jhm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhw1-4c1k-sfh3
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@3.10.0