CVE-2020-8203: Allocation of Resources Without Limits or Throttling
(updated )
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
References
- github.com/advisories/GHSA-p6mc-m468-83gw
- github.com/github/advisory-database/pull/2884
- github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
- github.com/lodash/lodash/issues/4744
- github.com/lodash/lodash/issues/4874
- github.com/lodash/lodash/wiki/Changelog
- hackerone.com/reports/712065
- hackerone.com/reports/864701
- nvd.nist.gov/vuln/detail/CVE-2020-8203
- security.netapp.com/advisory/ntap-20200724-0006/
- web.archive.org/web/20210914001339/https://github.com/lodash/lodash/issues/4744
Code Behaviors & Features
Detect and mitigate CVE-2020-8203 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →