CVE-2020-8203
published 2020-07-15CVE-2020-8203: Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
high7.4CVSS 3.1
AVNACHPRNUINSUCNIHAH
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | node-lodash | < node-lodash 4.17.19+dfsg-1 (bookworm) | node-lodash 4.17.19+dfsg-1 (bookworm) |
| lodash | lodash | < 4.17.20 | 4.17.20 |
| lodash | lodash | — | — |
| lodash | lodash | >= 3.7.0 < 4.17.19 | 4.17.19 |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | banking_extensibility_workbench | — | — |
| oracle | banking_liquidity_management | — | — |
| oracle | banking_liquidity_management | — | — |
| oracle | banking_liquidity_management | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_virtual_account_management | — | — |
| oracle | banking_virtual_account_management | — | — |
| oracle | banking_virtual_account_management | — | — |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
osv7.4HIGH