VulnerableCode Package Details - pkg:npm/lodash-amd@4.17.11

Search for packages

Vulnerability	Summary	Fixed by
VCID-dzeb-zu9x-g3bq Aliases: CVE-2019-10744 GHSA-jf85-cpcp-j695	Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.	4.17.13 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jsc5-qvjm-6kek Aliases: CVE-2025-13465 GHSA-xxjr-mmjv-4gpg	Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.	4.17.23 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dzeb-zu9x-g3bq
Aliases:
CVE-2019-10744
GHSA-jf85-cpcp-j695

Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

4.17.13
Affected by 1 other vulnerability.

VCID-jsc5-qvjm-6kek
Aliases:
CVE-2025-13465
GHSA-xxjr-mmjv-4gpg

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.

4.17.23
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2bwn-573p-rqay	Regular Expression Denial of Service (ReDoS) in lodash lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.	CVE-2019-1010266 GHSA-x5rq-j2xg-h7qm

Vulnerability

Summary

Aliases

VCID-2bwn-573p-rqay

Regular Expression Denial of Service (ReDoS) in lodash lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.

CVE-2019-1010266
GHSA-x5rq-j2xg-h7qm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:11:42.823650+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.4.0
2026-04-16T20:56:16.586517+00:00	GitLab Importer	Fixing	VCID-2bwn-573p-rqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-1010266.yml	38.4.0
2026-04-16T20:56:01.661550+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.4.0
2026-04-16T01:29:36.481755+00:00	GHSA Importer	Fixing	VCID-2bwn-573p-rqay	https://github.com/advisories/GHSA-x5rq-j2xg-h7qm	38.4.0
2026-04-12T01:35:30.195025+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.3.0
2026-04-11T22:07:17.280866+00:00	GitLab Importer	Fixing	VCID-2bwn-573p-rqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-1010266.yml	38.3.0
2026-04-11T22:07:03.216192+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.3.0
2026-04-11T12:58:54.662820+00:00	GHSA Importer	Fixing	VCID-2bwn-573p-rqay	https://github.com/advisories/GHSA-x5rq-j2xg-h7qm	38.3.0
2026-04-03T01:44:30.258132+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.1.0
2026-04-02T22:20:04.308955+00:00	GitLab Importer	Fixing	VCID-2bwn-573p-rqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-1010266.yml	38.1.0
2026-04-02T22:19:50.404277+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.1.0
2026-04-02T13:51:07.930812+00:00	GHSA Importer	Fixing	VCID-2bwn-573p-rqay	https://github.com/advisories/GHSA-x5rq-j2xg-h7qm	38.1.0
2026-04-01T16:37:49.972750+00:00	GitLab Importer	Fixing	VCID-2bwn-573p-rqay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-1010266.yml	38.0.0
2026-04-01T16:37:37.226002+00:00	GitLab Importer	Affected by	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.0.0
2026-04-01T15:57:36.275518+00:00	GHSA Importer	Fixing	VCID-2bwn-573p-rqay	https://github.com/advisories/GHSA-x5rq-j2xg-h7qm	38.0.0
2026-04-01T13:04:37.731677+00:00	GithubOSV Importer	Fixing	VCID-2bwn-573p-rqay	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-x5rq-j2xg-h7qm/GHSA-x5rq-j2xg-h7qm.json	38.0.0