Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:lodash:lodash:4.17.14::~~~node.js~~
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Published: February 15, 2021; 8:15:12 AM -0500
V3.1: 7.2 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Published: February 15, 2021; 6:15:12 AM -0500
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

Published: July 15, 2020; 1:15:11 PM -0400
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM