Release | Version |
---|---|
buster | 4.17.11+dfsg-2+deb10u1 |
bullseye | 4.17.21+dfsg+~cs8.31.173-1 |
bookworm | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
trixie | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
sid | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
Bug | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|
CVE-2021-23337 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ... |
CVE-2020-28500 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ... |
CVE-2020-8203 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Prototype pollution attack when using _.zipObjectDeep in lodash before ... |
Bug | Description |
---|---|
CVE-2019-1010266 | lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ... |
CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ... |
CVE-2018-16487 | A prototype pollution vulnerability was found in lodash <4.17.11 where ... |
CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assume ... |