Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/lodash-rails@4.17.21
purl pkg:gem/lodash-rails@4.17.21
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-e3y9-r7uz-pkfg Regular Expression Denial of Service (ReDoS) in lodash All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions. Steps to reproduce (provided by reporter Liyuan Chen): ```js var lo = require('lodash'); function build_blank(n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0); var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1); var time2 = Date.now(); lo.trimEnd(s); var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2); ``` CVE-2020-28500
GHSA-29mw-wpgm-hmr9
VCID-fhw1-4c1k-sfh3 Command Injection in lodash `lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CVE-2021-23337
GHSA-35jh-r3h4-6jhm

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:37:02.428302+00:00 GitLab Importer Fixing VCID-e3y9-r7uz-pkfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/lodash-rails/CVE-2020-28500.yml 38.4.0
2026-04-16T17:38:44.907204+00:00 Ruby Importer Fixing VCID-e3y9-r7uz-pkfg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml 38.4.0
2026-04-11T22:50:58.792447+00:00 GitLab Importer Fixing VCID-e3y9-r7uz-pkfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/lodash-rails/CVE-2020-28500.yml 38.3.0
2026-04-11T21:35:48.491074+00:00 Ruby Importer Fixing VCID-e3y9-r7uz-pkfg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml 38.3.0
2026-04-02T23:00:23.542596+00:00 GitLab Importer Fixing VCID-e3y9-r7uz-pkfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/lodash-rails/CVE-2020-28500.yml 38.1.0
2026-04-02T19:34:05.262739+00:00 Ruby Importer Fixing VCID-e3y9-r7uz-pkfg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml 38.1.0
2026-04-02T16:56:35.237684+00:00 GHSA Importer Fixing VCID-fhw1-4c1k-sfh3 https://github.com/advisories/GHSA-35jh-r3h4-6jhm 38.1.0
2026-04-02T12:38:21.864783+00:00 GitLab Importer Fixing VCID-fhw1-4c1k-sfh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/lodash-rails/CVE-2021-23337.yml 38.0.0
2026-04-01T15:59:13.890124+00:00 GHSA Importer Fixing VCID-e3y9-r7uz-pkfg https://github.com/advisories/GHSA-29mw-wpgm-hmr9 38.0.0
2026-04-01T15:50:59.363973+00:00 Ruby Importer Fixing VCID-e3y9-r7uz-pkfg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-28500.yml 38.0.0
2026-04-01T13:05:42.969790+00:00 GithubOSV Importer Fixing VCID-e3y9-r7uz-pkfg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-29mw-wpgm-hmr9/GHSA-29mw-wpgm-hmr9.json 38.0.0
2026-04-01T13:02:36.759502+00:00 GithubOSV Importer Fixing VCID-fhw1-4c1k-sfh3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-35jh-r3h4-6jhm/GHSA-35jh-r3h4-6jhm.json 38.0.0
2026-04-01T12:49:14.236598+00:00 GitLab Importer Fixing VCID-e3y9-r7uz-pkfg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/lodash-rails/CVE-2020-28500.yml 38.0.0