Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/lodash.set@4.2.0

Type npm

Namespace

Name lodash.set

Version 4.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-44qf-p2rd-6qay

vulnerability_id

VCID-44qf-p2rd-6qay

summary

Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions `pick`, `set`, `setWith`, `update`, `updateWith`, and `zipObjectDeep` allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.

This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8203.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8203

reference_id

reference_type

scores

value	0.0322
scoring_system	epss
scoring_elements	0.87064
published_at	2026-04-21T12:55:00Z

value	0.0322
scoring_system	epss
scoring_elements	0.87068
published_at	2026-04-18T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87669
published_at	2026-04-01T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87723
published_at	2026-04-13T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87725
published_at	2026-04-12T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87732
published_at	2026-04-11T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87721
published_at	2026-04-09T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87714
published_at	2026-04-08T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87694
published_at	2026-04-07T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87691
published_at	2026-04-04T12:55:00Z

value	0.0357
scoring_system	epss
scoring_elements	0.87679
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8203

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203

reference_url

https://github.com/advisories/GHSA-p6mc-m468-83gw

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p6mc-m468-83gw

reference_url

https://github.com/github/advisory-database/pull/2884

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/2884

reference_url

https://github.com/lodash/lodash

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash

reference_url

https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12

reference_url

https://github.com/lodash/lodash/issues/4744

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/issues/4744

reference_url

https://github.com/lodash/lodash/issues/4874

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/issues/4874

reference_url

https://github.com/lodash/lodash/wiki/Changelog#v41719

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/lodash/lodash/wiki/Changelog#v41719

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.yml

reference_url

https://hackerone.com/reports/712065

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/712065

reference_url

https://hackerone.com/reports/864701

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/864701

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8203

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8203

reference_url

https://security.netapp.com/advisory/ntap-20200724-0006

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200724-0006

reference_url

https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1857412
reference_id	1857412
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1857412

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283
reference_id	965283
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965283

reference_url	https://access.redhat.com/errata/RHSA-2020:3369
reference_id	RHSA-2020:3369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3369

reference_url	https://access.redhat.com/errata/RHSA-2020:3370
reference_id	RHSA-2020:3370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3370

reference_url	https://access.redhat.com/errata/RHSA-2020:3807
reference_id	RHSA-2020:3807
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3807

reference_url	https://access.redhat.com/errata/RHSA-2020:4298
reference_id	RHSA-2020:4298
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4298

reference_url	https://access.redhat.com/errata/RHSA-2020:5179
reference_id	RHSA-2020:5179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5179

reference_url	https://access.redhat.com/errata/RHSA-2020:5611
reference_id	RHSA-2020:5611
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5611

reference_url	https://access.redhat.com/errata/RHSA-2021:3917
reference_id	RHSA-2021:3917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3917

fixed_packages

aliases

CVE-2020-8203, GHSA-p6mc-m468-83gw

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-44qf-p2rd-6qay

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash.set@4.2.0

Package Instance