| purl | pkg:deb/debian/node-lodash@4.17.11%2Bdfsg-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2bwn-573p-rqay | Regular Expression Denial of Service (ReDoS) in lodash. lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11. | CVE-2019-1010266, GHSA-x5rq-j2xg-h7qm |
| VCID-s532-7mp1-kyeb | Prototype Pollution in lodash. Versions of `lodash` before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects. | CVE-2018-16487, GHSA-4xc9-xhrj-v574 |
| VCID-sxth-92xw-zbea | Prototype Pollution in lodash. Versions of `lodash` before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects. | CVE-2018-3721, GHSA-fvqr-27wr-82fm |