Vulnerability Monitor

CVE-2020-28500

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Published

2021-02-15T11:15:12.397

Last Modified

2024-11-21T05:22:55.053

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

Type         Vendor   Product                                                     Version/Range  Vulnerable?
Application  lodash   lodash                                                      < 4.17.21      Yes
Application  oracle   banking_corporate_lending_process_management                14.2.0         Yes
Application  oracle   banking_corporate_lending_process_management                14.3.0         Yes
Application  oracle   banking_corporate_lending_process_management                14.5.0         Yes
Application  oracle   banking_credit_facilities_process_management                14.2.0         Yes
Application  oracle   banking_credit_facilities_process_management                14.3.0         Yes
Application  oracle   banking_credit_facilities_process_management                14.5.0         Yes
Application  oracle   banking_extensibility_workbench                             14.2.0         Yes
Application  oracle   banking_extensibility_workbench                             14.3.0         Yes
Application  oracle   banking_extensibility_workbench                             14.5.0         Yes
Application  oracle   banking_supply_chain_finance                                14.2.0         Yes
Application  oracle   banking_supply_chain_finance                                14.3.0         Yes
Application  oracle   banking_supply_chain_finance                                14.5.0         Yes
Application  oracle   banking_trade_finance_process_management                    14.2.0         Yes
Application  oracle   banking_trade_finance_process_management                    14.3.0         Yes
Application  oracle   banking_trade_finance_process_management                    14.5.0         Yes
Application  oracle   communications_cloud_native_core_policy                     1.11.0         Yes
Application  oracle   communications_design_studio                                7.4.2          Yes
Application  oracle   communications_services_gatekeeper                          7.0            Yes
Application  oracle   communications_session_border_controller                    8.4            Yes
Application  oracle   communications_session_border_controller                    9.0            Yes
Application  oracle   enterprise_communications_broker                            3.2.0          Yes
Application  oracle   enterprise_communications_broker                            3.3.0          Yes
Application  oracle   financial_services_crime_and_compliance_management_studio   8.0.8.2.0      Yes
Application  oracle   financial_services_crime_and_compliance_management_studio   8.0.8.3.0      Yes
Application  oracle   health_sciences_data_management_workbench                   2.5.2.1        Yes
Application  oracle   health_sciences_data_management_workbench                   3.0.0.0        Yes
Application  oracle   jd_edwards_enterpriseone_tools                              < 9.2.6.1      Yes
Application  oracle   peoplesoft_enterprise_peopletools                           8.58           Yes
Application  oracle   peoplesoft_enterprise_peopletools                           8.59           Yes
Application  oracle   primavera_gateway                                           ≤ 17.12.11     Yes
Application  oracle   primavera_gateway                                           ≤ 18.8.12      Yes
Application  oracle   primavera_gateway                                           ≤ 19.12.11     Yes
Application  oracle   primavera_gateway                                           ≤ 20.12.7      Yes
Application  oracle   primavera_unifier                                           ≤ 17.12        Yes
Application  oracle   primavera_unifier                                           18.8           Yes
Application  oracle   primavera_unifier                                           19.12          Yes
Application  oracle   primavera_unifier                                           20.12          Yes
Application  oracle   retail_customer_management_and_segmentation_foundation      19.0           Yes
Application  siemens  sinec_ins                                                   < 1.0          Yes
Application  siemens  sinec_ins                                                   1.0            Yes

References