Known Vulnerabilities for products from Lodash
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Lodash".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-2950 | Not Provided | 2026-03-31 | 2026-04-01 | |
| CVE-2021-41720 | ** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via t... | Not Provided | 2021-09-30 | 2023-11-07 |
| CVE-2021-23337 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 - HIGH | 2021-02-15 | 2022-09-13 |
| CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and tr... | 5.3 - MEDIUM | 2021-02-15 | 2022-09-13 |
| CVE-2020-8203 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | 7.4 - HIGH | 2020-07-15 | 2024-01-21 |
| CVE-2019-1010266 | lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The com... | 6.5 - MEDIUM | 2019-07-17 | 2020-09-30 |
| CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into ... | 9.1 - CRITICAL | 2019-07-26 | 2024-01-21 |
| CVE-2018-16487 | A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can b... | 5.6 - MEDIUM | 2019-02-01 | 2020-09-18 |
| CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep,... | 6.5 - MEDIUM | 2018-06-07 | 2019-10-03 |
Known software with vulnerabilities from Lodash
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Lodash | Lodash | 0.1.0 |