CVE-2019-1010266

State: PUBLISHED · Published: 2019-07-17 · Updated: 2024-08-05 · Assigner: dwf

Description

lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.

CWE

CWE-400 — CWE-400: Uncontrolled Resource Consumption

Affected

lodash / lodash — v=<4.17.11 [fixed: 4.7.11] [affected]

CVSS

(none)

References

https://snyk.io/vuln/SNYK-JS-LODASH-73639 x_refsource_MISC
https://github.com/lodash/lodash/issues/3359 x_refsource_MISC
https://github.com/lodash/lodash/wiki/Changelog x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190919-0004/ x_refsource_CONFIRM

Source

cvelistV5-main/cves/2019/1010xxx/CVE-2019-1010266.json