VulnerableCode Package Details - pkg:gem/lodash-rails@4.7.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/lodash-rails@4.7.0

Essentials
History (2)

purl	pkg:gem/lodash-rails@4.7.0
Tags	Ghost

Next non-vulnerable version	4.17.21
Latest non-vulnerable version	4.17.21
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-2bwn-573p-rqay Aliases: CVE-2019-1010266 GHSA-x5rq-j2xg-h7qm	Regular Expression Denial of Service (ReDoS) in lodash lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.	4.17.11 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T12:35:55.698668+00:00	GitLab Importer	Affected by	VCID-2bwn-573p-rqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/lodash-rails/CVE-2019-1010266.yml	38.0.0
2026-04-01T15:57:36.373327+00:00	GHSA Importer	Affected by	VCID-2bwn-573p-rqay	https://github.com/advisories/GHSA-x5rq-j2xg-h7qm	38.0.0