Issues
- Prototype Pollution in handlebarsCOMPASS-286
- XSS via JQLite DOM manipulation functions in AngularJSCOMPASS-285
- Prototype Pollution in lodash.mergeCOMPASS-284
- Prototype Pollution in lodash.mergeCOMPASS-283
- Denial of Service in node-sassCOMPASS-282
- Denial of Service in handlebarsCOMPASS-281
- Arbitrary Code Execution in handlebarsCOMPASS-280
- Prototype Pollution in handlebarsCOMPASS-279
- Arbitrary Code Execution in handlebarsCOMPASS-278
- Regular Expression Denial of Service in npm-user-validateCOMPASS-277
- ReDOS vulnerabities: multiple grammarsCOMPASS-276
- Improper Privilege Management in shelljsCOMPASS-275
- Memory Exposure in tunnel-agentCOMPASS-274
- Memory Exposure in concat-streamCOMPASS-273
- Code Injection in js-yamlCOMPASS-272
- Denial of Service in js-yamlCOMPASS-271
- Regular Expression Denial of Service in clean-cssCOMPASS-270
- Regular Expression Denial of Service in bracesCOMPASS-269
- Command Injection in openCOMPASS-268
- Prototype Pollution in handlebarsCOMPASS-267
- XSS via JQLite DOM manipulation functions in AngularJSCOMPASS-266
- Prototype Pollution in lodash.mergeCOMPASS-265
- Prototype Pollution in lodash.mergeCOMPASS-264
- Denial of Service in node-sassCOMPASS-263
- Denial of Service in handlebarsCOMPASS-262
- Arbitrary Code Execution in handlebarsCOMPASS-261
- Prototype Pollution in handlebarsCOMPASS-260
- Arbitrary Code Execution in handlebarsCOMPASS-259
- Regular Expression Denial of Service in npm-user-validateCOMPASS-258
- ReDOS vulnerabities: multiple grammarsCOMPASS-257
- Improper Privilege Management in shelljsCOMPASS-256
- Memory Exposure in tunnel-agentCOMPASS-255
- Memory Exposure in concat-streamCOMPASS-254
- Code Injection in js-yamlCOMPASS-253
- Denial of Service in js-yamlCOMPASS-252
- Regular Expression Denial of Service in clean-cssCOMPASS-251
- Regular Expression Denial of Service in bracesCOMPASS-250
- Command Injection in openCOMPASS-249
- Prototype Pollution in lodashCOMPASS-248
- Prototype Pollution in lodashCOMPASS-247
- Prototype Pollution in lodashCOMPASS-246
- Prototype Pollution in handlebarsCOMPASS-245
- Regular Expression Denial of Service (ReDoS) in lodashCOMPASS-244
- Arbitrary File Overwrite in tarCOMPASS-243
- Prototype Pollution in angularCOMPASS-242
- npm symlink reference outside of node_modulesCOMPASS-241
- Arbitrary File Write in npmCOMPASS-240
- npm Vulnerable to Global node_modules Binary OverwriteCOMPASS-239
- Prototype Pollution in handlebarsCOMPASS-238
- Prototype Pollution in minimistCOMPASS-237
50 of 282
Regular Expression Denial of Service (ReDoS) in lodash
Description
Details
Assignee
UnassignedUnassignedReporter
onms security jiraonms security jiraLabels
Priority
Trivial
Details
Details
Assignee
Unassigned
UnassignedReporter
onms security jira
onms security jira
Labels
Priority
TrivialPagerDuty
PagerDuty
PagerDuty
Created July 21, 2023 at 10:45 PM
Updated July 21, 2023 at 10:45 PM
Activity
Show:
lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.
Repository: OpenNMS/opennms-compass (https://github.com/OpenNMS/opennms-compass)
Dependabot: https://github.com/OpenNMS/opennms-compass/security/dependabot/6
CVE: CVE-2019-1010266
CVSS:
GHSA: GHSA-x5rq-j2xg-h7qm
Severity: medium
Ecosystem: npm
Package Name: lodash
Vulnerable Version Range: < 4.17.11
First Patched Version: 4.17.11