3 CVEs categorized as CWE-Other — Uncategorized in Lodash.
CVE-2021-23337HIGH2021
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-28500MEDIUM2020
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2019-10744—2019
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.