Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/lodash@4.17.21
Typenpm
Namespace
Namelodash
Version4.17.21
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.18.0
Latest_non_vulnerable_version4.18.0
Affected_by_vulnerabilities
0
url VCID-jsc5-qvjm-6kek
vulnerability_id VCID-jsc5-qvjm-6kek
summary 
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions
### Impact

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. 

The issue permits deletion of properties but does not allow overwriting their original behavior.  

### Patches

This issue is patched on 4.17.23.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13465.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-13465
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.0826
published_at 2026-04-18T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08279
published_at 2026-04-16T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08387
published_at 2026-04-13T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08402
published_at 2026-04-12T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08421
published_at 2026-04-21T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08341
published_at 2026-04-07T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.0843
published_at 2026-04-09T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08366
published_at 2026-04-02T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08413
published_at 2026-04-08T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08419
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-13465
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13465
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
5
reference_url https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81
6
reference_url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-21T19:43:10Z/
url https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13465
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-13465
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
reference_id 1126265
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126265
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2431740
reference_id 2431740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2431740
10
reference_url https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
reference_id GHSA-xxjr-mmjv-4gpg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
11
reference_url https://access.redhat.com/errata/RHSA-2026:1845
reference_id RHSA-2026:1845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1845
12
reference_url https://access.redhat.com/errata/RHSA-2026:2078
reference_id RHSA-2026:2078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2078
13
reference_url https://access.redhat.com/errata/RHSA-2026:2119
reference_id RHSA-2026:2119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2119
14
reference_url https://access.redhat.com/errata/RHSA-2026:2145
reference_id RHSA-2026:2145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2145
15
reference_url https://access.redhat.com/errata/RHSA-2026:2147
reference_id RHSA-2026:2147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2147
16
reference_url https://access.redhat.com/errata/RHSA-2026:2148
reference_id RHSA-2026:2148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2148
17
reference_url https://access.redhat.com/errata/RHSA-2026:2149
reference_id RHSA-2026:2149
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2149
18
reference_url https://access.redhat.com/errata/RHSA-2026:2438
reference_id RHSA-2026:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2438
19
reference_url https://access.redhat.com/errata/RHSA-2026:2452
reference_id RHSA-2026:2452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2452
20
reference_url https://access.redhat.com/errata/RHSA-2026:2462
reference_id RHSA-2026:2462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2462
21
reference_url https://access.redhat.com/errata/RHSA-2026:2465
reference_id RHSA-2026:2465
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2465
22
reference_url https://access.redhat.com/errata/RHSA-2026:2469
reference_id RHSA-2026:2469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2469
23
reference_url https://access.redhat.com/errata/RHSA-2026:2484
reference_id RHSA-2026:2484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2484
24
reference_url https://access.redhat.com/errata/RHSA-2026:2651
reference_id RHSA-2026:2651
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2651
25
reference_url https://access.redhat.com/errata/RHSA-2026:2661
reference_id RHSA-2026:2661
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2661
26
reference_url https://access.redhat.com/errata/RHSA-2026:2672
reference_id RHSA-2026:2672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2672
27
reference_url https://access.redhat.com/errata/RHSA-2026:2675
reference_id RHSA-2026:2675
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2675
28
reference_url https://access.redhat.com/errata/RHSA-2026:2694
reference_id RHSA-2026:2694
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2694
29
reference_url https://access.redhat.com/errata/RHSA-2026:2816
reference_id RHSA-2026:2816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2816
30
reference_url https://access.redhat.com/errata/RHSA-2026:2817
reference_id RHSA-2026:2817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2817
31
reference_url https://access.redhat.com/errata/RHSA-2026:2818
reference_id RHSA-2026:2818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2818
32
reference_url https://access.redhat.com/errata/RHSA-2026:2819
reference_id RHSA-2026:2819
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2819
33
reference_url https://access.redhat.com/errata/RHSA-2026:2900
reference_id RHSA-2026:2900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2900
34
reference_url https://access.redhat.com/errata/RHSA-2026:2926
reference_id RHSA-2026:2926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2926
35
reference_url https://access.redhat.com/errata/RHSA-2026:2984
reference_id RHSA-2026:2984
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2984
36
reference_url https://access.redhat.com/errata/RHSA-2026:2990
reference_id RHSA-2026:2990
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2990
37
reference_url https://access.redhat.com/errata/RHSA-2026:3087
reference_id RHSA-2026:3087
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3087
38
reference_url https://access.redhat.com/errata/RHSA-2026:3422
reference_id RHSA-2026:3422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3422
39
reference_url https://access.redhat.com/errata/RHSA-2026:3710
reference_id RHSA-2026:3710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3710
40
reference_url https://access.redhat.com/errata/RHSA-2026:3712
reference_id RHSA-2026:3712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3712
41
reference_url https://access.redhat.com/errata/RHSA-2026:3782
reference_id RHSA-2026:3782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3782
42
reference_url https://access.redhat.com/errata/RHSA-2026:3825
reference_id RHSA-2026:3825
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3825
43
reference_url https://access.redhat.com/errata/RHSA-2026:3869
reference_id RHSA-2026:3869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3869
44
reference_url https://access.redhat.com/errata/RHSA-2026:3870
reference_id RHSA-2026:3870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3870
45
reference_url https://access.redhat.com/errata/RHSA-2026:3874
reference_id RHSA-2026:3874
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3874
46
reference_url https://access.redhat.com/errata/RHSA-2026:3884
reference_id RHSA-2026:3884
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3884
47
reference_url https://access.redhat.com/errata/RHSA-2026:3958
reference_id RHSA-2026:3958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3958
48
reference_url https://access.redhat.com/errata/RHSA-2026:3960
reference_id RHSA-2026:3960
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3960
49
reference_url https://access.redhat.com/errata/RHSA-2026:3962
reference_id RHSA-2026:3962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3962
50
reference_url https://access.redhat.com/errata/RHSA-2026:4423
reference_id RHSA-2026:4423
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4423
51
reference_url https://access.redhat.com/errata/RHSA-2026:4466
reference_id RHSA-2026:4466
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4466
52
reference_url https://access.redhat.com/errata/RHSA-2026:4467
reference_id RHSA-2026:4467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4467
53
reference_url https://access.redhat.com/errata/RHSA-2026:4630
reference_id RHSA-2026:4630
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4630
54
reference_url https://access.redhat.com/errata/RHSA-2026:4782
reference_id RHSA-2026:4782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4782
55
reference_url https://access.redhat.com/errata/RHSA-2026:5636
reference_id RHSA-2026:5636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5636
56
reference_url https://access.redhat.com/errata/RHSA-2026:6192
reference_id RHSA-2026:6192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6192
57
reference_url https://access.redhat.com/errata/RHSA-2026:6288
reference_id RHSA-2026:6288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6288
58
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
59
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
60
reference_url https://access.redhat.com/errata/RHSA-2026:8218
reference_id RHSA-2026:8218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8218
61
reference_url https://access.redhat.com/errata/RHSA-2026:8229
reference_id RHSA-2026:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8229
fixed_packages
0
url pkg:npm/lodash@4.17.23
purl pkg:npm/lodash@4.17.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-an5j-y3cq-gbfx
1
vulnerability VCID-hjed-8rnm-kkbk
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash@4.17.23
aliases CVE-2025-13465, GHSA-xxjr-mmjv-4gpg
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jsc5-qvjm-6kek
Fixing_vulnerabilities
0
url VCID-e3y9-r7uz-pkfg
vulnerability_id VCID-e3y9-r7uz-pkfg
summary 
Regular Expression Denial of Service (ReDoS) in lodash
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions.

Steps to reproduce (provided by reporter Liyuan Chen):
```js
var lo = require('lodash');

function build_blank(n) {
var ret = "1"
for (var i = 0; i < n; i++) {
ret += " "
}
return ret + "1";
}
var s = build_blank(50000) var time0 = Date.now();
lo.trim(s)
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);
var time1 = Date.now();
lo.toNumber(s) var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);
var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28500
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.47815
published_at 2026-04-18T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.47823
published_at 2026-04-16T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.47768
published_at 2026-04-21T12:55:00Z
3
value 0.00245
scoring_system epss
scoring_elements 0.47758
published_at 2026-04-12T12:55:00Z
4
value 0.00245
scoring_system epss
scoring_elements 0.47782
published_at 2026-04-11T12:55:00Z
5
value 0.00245
scoring_system epss
scoring_elements 0.47761
published_at 2026-04-08T12:55:00Z
6
value 0.00245
scoring_system epss
scoring_elements 0.47706
published_at 2026-04-07T12:55:00Z
7
value 0.00245
scoring_system epss
scoring_elements 0.47757
published_at 2026-04-09T12:55:00Z
8
value 0.00245
scoring_system epss
scoring_elements 0.47737
published_at 2026-04-02T12:55:00Z
9
value 0.00245
scoring_system epss
scoring_elements 0.47699
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28500
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
4
reference_url https://github.com/github/advisory-database/pull/6139
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6139
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
7
reference_url https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
8
reference_url https://github.com/lodash/lodash/pull/5065
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/5065
9
reference_url https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
10
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
15
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
16
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1018905
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1018905
17
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
18
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
19
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928954
reference_id 1928954
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928954
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28500
reference_id CVE-2020-28500
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28500
24
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
reference_id CVE-2020-28500.YML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml
25
reference_url https://github.com/advisories/GHSA-29mw-wpgm-hmr9
reference_id GHSA-29mw-wpgm-hmr9
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29mw-wpgm-hmr9
26
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
27
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
28
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
29
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
30
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
fixed_packages
0
url pkg:npm/lodash@4.17.21
purl pkg:npm/lodash@4.17.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jsc5-qvjm-6kek
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash@4.17.21
aliases CVE-2020-28500, GHSA-29mw-wpgm-hmr9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3y9-r7uz-pkfg
1
url VCID-fhw1-4c1k-sfh3
vulnerability_id VCID-fhw1-4c1k-sfh3
summary 
Command Injection in lodash
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23337.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
reference_id
reference_type
scores
0
value 0.00463
scoring_system epss
scoring_elements 0.64288
published_at 2026-04-04T12:55:00Z
1
value 0.00463
scoring_system epss
scoring_elements 0.64248
published_at 2026-04-07T12:55:00Z
2
value 0.00463
scoring_system epss
scoring_elements 0.64203
published_at 2026-04-01T12:55:00Z
3
value 0.00463
scoring_system epss
scoring_elements 0.6426
published_at 2026-04-02T12:55:00Z
4
value 0.04314
scoring_system epss
scoring_elements 0.88899
published_at 2026-04-13T12:55:00Z
5
value 0.04314
scoring_system epss
scoring_elements 0.88893
published_at 2026-04-09T12:55:00Z
6
value 0.04314
scoring_system epss
scoring_elements 0.88905
published_at 2026-04-11T12:55:00Z
7
value 0.04314
scoring_system epss
scoring_elements 0.88908
published_at 2026-04-21T12:55:00Z
8
value 0.04314
scoring_system epss
scoring_elements 0.88911
published_at 2026-04-18T12:55:00Z
9
value 0.04314
scoring_system epss
scoring_elements 0.88913
published_at 2026-04-16T12:55:00Z
10
value 0.04314
scoring_system epss
scoring_elements 0.88888
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-23337
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
4
reference_url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-35jh-r3h4-6jhm
5
reference_url https://github.com/lodash/lodash
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash
6
reference_url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
7
reference_url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2021-23337.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-23337
10
reference_url https://security.netapp.com/advisory/ntap-20210312-0006
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210312-0006
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
13
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
14
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
15
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
16
reference_url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-LODASH-1040724
17
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
18
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
19
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
reference_id 1928937
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1928937
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
reference_id 985086
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985086
23
reference_url https://access.redhat.com/errata/RHSA-2021:2179
reference_id RHSA-2021:2179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2179
24
reference_url https://access.redhat.com/errata/RHSA-2021:2438
reference_id RHSA-2021:2438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2438
25
reference_url https://access.redhat.com/errata/RHSA-2021:2543
reference_id RHSA-2021:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2543
26
reference_url https://access.redhat.com/errata/RHSA-2021:3459
reference_id RHSA-2021:3459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3459
27
reference_url https://access.redhat.com/errata/RHSA-2022:6429
reference_id RHSA-2022:6429
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6429
28
reference_url https://access.redhat.com/errata/RHSA-2026:7329
reference_id RHSA-2026:7329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7329
fixed_packages
0
url pkg:npm/lodash@4.17.21
purl pkg:npm/lodash@4.17.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jsc5-qvjm-6kek
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/lodash@4.17.21
aliases CVE-2021-23337, GHSA-35jh-r3h4-6jhm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhw1-4c1k-sfh3
Risk_score3.7
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/lodash@4.17.21