lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.

Repository: OpenNMS/opennms-compass (https://github.com/OpenNMS/opennms-compass)
Dependabot: https://github.com/OpenNMS/opennms-compass/security/dependabot/6
CVE: CVE-2019-1010266
CVSS:
GHSA: GHSA-x5rq-j2xg-h7qm
Severity: medium
Ecosystem: npm
Package Name: lodash
Vulnerable Version Range: < 4.17.11
First Patched Version: 4.17.11