Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2021-02-15 11:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-28500
Mitre link : CVE-2020-28500
CVE.ORG link : CVE-2020-28500
JSON object : View
Products Affected
oracle
- banking_corporate_lending_process_management
- primavera_gateway
- primavera_unifier
- retail_customer_management_and_segmentation_foundation
- banking_trade_finance_process_management
- banking_credit_facilities_process_management
- banking_supply_chain_finance
- enterprise_communications_broker
- health_sciences_data_management_workbench
- peoplesoft_enterprise_peopletools
- banking_extensibility_workbench
- jd_edwards_enterpriseone_tools
- communications_services_gatekeeper
- communications_session_border_controller
- financial_services_crime_and_compliance_management_studio
- communications_design_studio
- communications_cloud_native_core_policy
siemens
- sinec_ins
lodash
- lodash
CWE