This repository was archived by the owner on Aug 17, 2021. It is now read-only.
Description WS-2020-0070 - High Severity Vulnerability
lodash-3.10.1.tgz , lodash-2.4.2.tgz , lodash-4.17.15.tgz
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /tmp/ws-scm/angular-recaptcha/package.json
Path to vulnerable library: /tmp/ws-scm/angular-recaptcha/node_modules/karma/node_modules/lodash/package.json
Dependency Hierarchy:
karma-1.7.1.tgz (Root Library)
❌ lodash-3.10.1.tgz (Vulnerable Library)
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /tmp/ws-scm/angular-recaptcha/package.json
Path to vulnerable library: /tmp/ws-scm/angular-recaptcha/node_modules/ibrik/node_modules/lodash/package.json
Dependency Hierarchy:
grunt-karma-coveralls-2.5.4.tgz (Root Library)
karma-coverage-0.2.7.tgz
ibrik-2.0.0.tgz
❌ lodash-2.4.2.tgz (Vulnerable Library)
lodash-4.17.15.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/angular-recaptcha/package.json
Path to vulnerable library: /tmp/ws-scm/angular-recaptcha/node_modules/lodash/package.json
Dependency Hierarchy:
karma-coverage-1.1.2.tgz (Root Library)
❌ lodash-4.17.15.tgz (Vulnerable Library)
Found in HEAD commit: d0c7317c1908251604c4e710c797fdf348d2bc46
a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype
Publish Date: 2020-04-28
URL: WS-2020-0070
8.1 )
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
For more information on CVSS3 Scores, click here .
Reactions are currently unavailable
WS-2020-0070 - High Severity Vulnerability
lodash-3.10.1.tgz
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /tmp/ws-scm/angular-recaptcha/package.json
Path to vulnerable library: /tmp/ws-scm/angular-recaptcha/node_modules/karma/node_modules/lodash/package.json
Dependency Hierarchy:
lodash-2.4.2.tgz
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /tmp/ws-scm/angular-recaptcha/package.json
Path to vulnerable library: /tmp/ws-scm/angular-recaptcha/node_modules/ibrik/node_modules/lodash/package.json
Dependency Hierarchy:
lodash-4.17.15.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/angular-recaptcha/package.json
Path to vulnerable library: /tmp/ws-scm/angular-recaptcha/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: d0c7317c1908251604c4e710c797fdf348d2bc46
a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.