Search for packages
| purl | pkg:npm/lodash-amd@4.17.9 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2bwn-573p-rqay
Aliases: CVE-2019-1010266 GHSA-x5rq-j2xg-h7qm |
Regular Expression Denial of Service (ReDoS) in lodash lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11. |
Affected by 2 other vulnerabilities. |
|
VCID-dzeb-zu9x-g3bq
Aliases: CVE-2019-10744 GHSA-jf85-cpcp-j695 |
Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects. |
Affected by 1 other vulnerability. |
|
VCID-jsc5-qvjm-6kek
Aliases: CVE-2025-13465 GHSA-xxjr-mmjv-4gpg |
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||