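Vulnerability details
lodash security vulnerability
Vulnerability summary
lodash is an open-source JavaScript utility library.
lodash contains a security vulnerability that stems from its susceptibility to regular expression denial of service (ReDoS) attacks.
Vulnerability advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: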
https://github.com/lodash/lodash/pull/5065
References
Source: CONFIRM
Link: https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
Source: N/A
Link: https://www.oracle.com//security-alerts/cpujul2021.html
Source: CONFIRM
Link: https://github.com/lodash/lodash/pull/5065
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210312-0006/
Source: CONFIRM
Link: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-node-js-3/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2657
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1225
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162901/Red-Hat-Security-Advisory-2021-2179-01.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-multiple-vulnerabilities-5/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6486341
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163747/Red-Hat-Security-Advisory-2021-3016-01.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-automation-manager-2/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2020-28500/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164090/Red-Hat-Security-Advisory-2021-3459-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1871
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3036
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021090922
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163276/Red-Hat-Security-Advisory-2021-2543-01.html
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/6483681
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162151/Red-Hat-Security-Advisory-2021-1168-01.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021062702
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-28500
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2232
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163690/Red-Hat-Security-Advisory-2021-2438-01.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-in-node-js-lodash-module-affects-ibm-cloud-pak-for-multicloud-management-managed-service/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-potential-vulnerability-with-node-js-lodash-module-2/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2555
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/lodash-denial-of-service-via-toNumber-trim-36225
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-lodash-vulnerability-cve-2020-28500/
Affected entities
None listed
Patches
- Fix for the lodash security vulnerability (2021-2-15)