Описание
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Ссылки
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingVendor Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.17.20 (исключая)
cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*
Конфигурация 2Версия до 21.1.2 (исключая)Версия до 9.2.6.0 (включая)Версия от 17.12.0 (включая) до 17.12.11 (включая)Версия от 18.8.0 (включая) до 18.8.12 (включая)Версия от 19.12.0 (включая) до 19.12.11 (включая)Версия от 20.12.0 (включая) до 20.12.7 (включая)
Одно из
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_liquidity_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_liquidity_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_liquidity_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:cz8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_router:cz8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:cz8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:pcz3.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02053
Низкий
7.4 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-770
CWE-1321
Связанные уязвимости
CVSS3: 7.4
ubuntu
больше 5 лет назад
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVSS3: 7.4
redhat
больше 5 лет назад
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVSS3: 7.4
debian
больше 5 лет назад
Prototype pollution attack when using _.zipObjectDeep in lodash before ...
CVSS3: 7.4
fstec
больше 5 лет назад
Уязвимость реализации метода _.zipObjectDeep() библиотеки Lodash, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS
Процентиль: 83%
0.02053
Низкий
7.4 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-770
CWE-1321