| Release | Version |
|---|---|
| bullseye | 4.17.21+dfsg+~cs8.31.173-1 |
| bookworm | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
| trixie | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
| forky | 4.18.1+dfsg-1 |
| sid | 4.18.1+dfsg-2 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-4800 | vulnerable | vulnerable | vulnerable | fixed | fixed | Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHS ... |
| CVE-2026-2950 | vulnerable | vulnerable | vulnerable | fixed | fixed | Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototy ... |
| CVE-2025-13465 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype poll ... |
| Bug | Description |
|---|---|
| CVE-2021-23337 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ... |
| CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ... |
| CVE-2020-8203 | Prototype pollution attack when using _.zipObjectDeep in lodash before ... |
| CVE-2019-1010266 | lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ... |
| CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ... |
| CVE-2018-16487 | A prototype pollution vulnerability was found in lodash <4.17.11 where ... |
| CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assume ... |