Moderate severity · NVD Advisory · Published Jul 17, 2019 · Updated Aug 5, 2024
CVE-2019-1010266
Description
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| lodash (npm) | >= 4.7.0, < 4.17.11 | 4.17.11 |
| lodash-es (npm) | >= 4.7.0, < 4.17.11 | 4.17.11 |
| lodash-amd (npm) | >= 4.7.0, < 4.17.11 | 4.17.11 |
| lodash-rails (RubyGems) | >= 4.7.0, < 4.17.11 | 4.17.11 |
References
- github.com/advisories/GHSA-x5rq-j2xg-h7qm [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2019-1010266 [ghsa, ADVISORY]
- github.com/github/advisory-database/pull/6138 [ghsa, WEB]
- github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347 [ghsa, WEB]
- github.com/lodash/lodash/issues/3359 [ghsa, x_refsource_MISC, WEB]
- github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2019-1010266.yml [ghsa, WEB]
- security.netapp.com/advisory/ntap-20190919-0004 [ghsa, WEB]
- security.netapp.com/advisory/ntap-20190919-0004/ [mitre, x_refsource_CONFIRM]
- snyk.io/vuln/SNYK-JS-LODASH-73639 [ghsa, x_refsource_MISC, WEB]