Описание
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | |
| disco | not-affected | 4.17.11+dfsg-1 |
| eoan | not-affected | |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/noble | not-affected | |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ...
Regular Expression Denial of Service (ReDoS) in lodash
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3