You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.
mend-bolt-for-githubbot
changed the title
CVE-2020-28500 (Medium) detected in lodash-4.17.20.tgz, lodash-4.17.15.tgz
CVE-2020-28500 (Medium) detected in lodash-4.17.20.js
Jul 6, 2021
mend-bolt-for-githubbot
changed the title
CVE-2020-28500 (Medium) detected in lodash-4.17.20.js
CVE-2020-28500 (Medium) detected in lodash-4.17.20.tgz
Sep 9, 2021
CVE-2020-28500 - Medium Severity Vulnerability
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy:
Found in HEAD commit: df8abeb8e49f7a19502084e835c603107b21e7a3
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: