Regular Expression Denial of Service (ReDoS) in lodash
Description
Activity
Show:
Details
Assignee
UnassignedUnassignedReporter
onms security jiraonms security jiraLabels
Priority
Trivial
Details
Details
Assignee
Unassigned
UnassignedReporter
onms security jiraLabels
Priority
TrivialPagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
Created July 21, 2023 at 10:45 PM
Updated July 21, 2023 at 10:45 PM
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.
Repository: OpenNMS/opennms-compass (https://github.com/OpenNMS/opennms-compass)
Dependabot: https://github.com/OpenNMS/opennms-compass/security/dependabot/6
CVE: CVE-2019-1010266
CVSS:
GHSA: GHSA-x5rq-j2xg-h7qm
Severity: medium
Ecosystem: npm
Package Name: lodash
Vulnerable Version Range: < 4.17.11
First Patched Version: 4.17.11