High severityNVD Advisory· Published Jul 15, 2020· Updated Aug 4, 2024
CVE-2020-8203
CVE-2020-8203
Description
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lodashnpm | >= 3.7.0, < 4.17.19 | 4.17.19 |
lodash-esnpm | >= 3.7.0, < 4.17.20 | 4.17.20 |
lodash.picknpm | >= 4.0.0, <= 4.4.0 | — |
lodash.setnpm | >= 3.7.0, <= 4.3.2 | — |
lodash.setwithnpm | <= 4.3.2 | — |
lodash.updatenpm | <= 4.10.2 | — |
lodash.updatewithnpm | <= 4.10.2 | — |
lodash-railsRubyGems | >= 3.7.0, < 4.17.19 | 4.17.19 |
Affected products
9- lodash/lodashdescription
- ghsa-coords8 versionspkg:gem/lodash-railspkg:npm/lodashpkg:npm/lodash-espkg:npm/lodash.pickpkg:npm/lodash.setpkg:npm/lodash.setwithpkg:npm/lodash.updatepkg:npm/lodash.updatewith
>= 3.7.0, < 4.17.19+ 7 more
- (no CPE)range: >= 3.7.0, < 4.17.19
- (no CPE)range: >= 3.7.0, < 4.17.19
- (no CPE)range: >= 3.7.0, < 4.17.20
- (no CPE)range: >= 4.0.0, <= 4.4.0
- (no CPE)range: >= 3.7.0, <= 4.3.2
- (no CPE)range: <= 4.3.2
- (no CPE)range: <= 4.10.2
- (no CPE)range: <= 4.10.2
Patches
Vulnerability mechanics
References
17- github.com/advisories/GHSA-p6mc-m468-83gwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8203ghsaADVISORY
- github.com/github/advisory-database/pull/2884ghsaWEB
- github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12ghsaWEB
- github.com/lodash/lodash/issues/4744ghsaWEB
- github.com/lodash/lodash/issues/4874ghsax_refsource_MISCWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/lodash-rails/CVE-2020-8203.ymlghsaWEB
- hackerone.com/reports/712065ghsax_refsource_MISCWEB
- hackerone.com/reports/864701ghsaWEB
- security.netapp.com/advisory/ntap-20200724-0006ghsaWEB
- security.netapp.com/advisory/ntap-20200724-0006/mitrex_refsource_CONFIRM
- web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744ghsaWEB
- www.oracle.com//security-alerts/cpujul2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuApr2021.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuapr2022.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpujan2022.htmlmitrex_refsource_MISC
- www.oracle.com/security-alerts/cpuoct2021.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.