CVE-2020-28500
MEDIUM
lodash < 4.17.21 - Regular Expression Denial of Service via toNumber, trim and trimEnd
Title source: llmDescription
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
References (14)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
Broken Link x_refsource_misc
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
Patch, Third Party Advisory x_refsource_misc
https://github.com/lodash/lodash/pull/5065
Not Applicable, Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210312-0006/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Scores
CVSS v3
5.3
EPSS
0.0024
EPSS Percentile
47.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
Status
published
Products (43)
lodash/lodash
< 4.17.21
npm/lodash
4.0.0 - 4.17.21 (npm)
npm/lodash-es
4.0.0 - 4.17.21 (npm)
npm/lodash.trim
4.0.0 (npm)
npm/lodash.trimend
4.0.0 (npm)
oracle/banking_corporate_lending_process_management
14.2.0
oracle/banking_corporate_lending_process_management
14.3.0
oracle/banking_corporate_lending_process_management
14.5.0
oracle/banking_credit_facilities_process_management
14.2.0
oracle/banking_credit_facilities_process_management
14.3.0
... and 33 more
Published
Feb 15, 2021
Tracked Since
Feb 18, 2026