| Release | Version |
|---|---|
| buster | 4.17.11+dfsg-2+deb10u1 |
| bullseye | 4.17.21+dfsg+~cs8.31.173-1 |
| bookworm | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
| trixie | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
| sid | 4.17.21+dfsg+~cs8.31.198.20210220-9 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2021-23337 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Lodash versions prior to 4.17.21 are vulnerable to Command Injection v ... |
| CVE-2020-28500 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ... |
| CVE-2020-8203 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Prototype pollution attack when using _.zipObjectDeep in lodash before ... |
| Bug | Description |
|---|---|
| CVE-2019-1010266 | lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ... |
| CVE-2019-10744 | Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ... |
| CVE-2018-16487 | A prototype pollution vulnerability was found in lodash <4.17.11 where ... |
| CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assume ... |