lodash-rails (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package lodash-rails, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2019-10744 — CVSS 9.1 (critical): Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or…
CVE-2021-23337 — CVSS 7.2 (high): Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2018-3721 — CVSS 6.5 (medium): lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and…
CVE-2019-1010266 — CVSS 6.5 (medium): lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is…
CVE-2018-16487 — CVSS 5.6 (medium): A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into…
CVE-2020-28500 — CVSS 5.3 (medium): Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd…