VYPR
Moderate severityNVD Advisory· Published Feb 15, 2021· Updated Sep 16, 2024

Regular Expression Denial of Service (ReDoS)

CVE-2020-28500

Description

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lodashnpm
>= 4.0.0, < 4.17.214.17.21
lodash-esnpm
>= 4.0.0, < 4.17.214.17.21
lodash.trimendnpm
>= 4.0.0, <= 4.5.1
lodash.trimnpm
>= 4.0.0, <= 4.5.1
lodash-railsRubyGems
>= 4.0.0, < 4.17.214.17.21

Affected products

6

Patches

Vulnerability mechanics

References

21

News mentions

0

No linked articles in our index yet.