4.17.21
9 years ago
3 years ago
Known vulnerabilities in the org.webjars.bower:lodash package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution through the How to fix Prototype Pollution? Upgrade | [,4.17.21) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Code Injection via PoC
How to fix Code Injection? Upgrade | [,4.17.21) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the POC
How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | [,4.17.21) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the How to fix Prototype Pollution? Upgrade | [,4.17.17) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The function How to fix Prototype Pollution? Upgrade | [,4.17.12) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It parses dates using regex strings, which may cause a slowdown of 2 seconds per 50k characters. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade | [,4.17.11) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The functions How to fix Prototype Pollution? Upgrade | [,4.17.11) |
org.webjars.bower:lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allow modification of the How to fix Prototype Pollution? Upgrade | [,4.17.5) |