| Component Details | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Type | npm | ||||||||||||||||||
| Namespace | @types | ||||||||||||||||||
| Name | lodash | ||||||||||||||||||
| Version | 4.14.172 | ||||||||||||||||||
| Package URL | pkg:npm/%40types/lodash@4.14.172 | ||||||||||||||||||
| Vulnerability Details | |||||||||||||||||||
| Raitings |
|
||||||||||||||||||
| Description | lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11. | ||||||||||||||||||
| Recommendation | state: fixed fix versions: 4.17.11 | ||||||||||||||||||
| References | GHSA-x5rq-j2xg-h7qm | ||||||||||||||||||
| Found By | Anchore Grype | ||||||||||||||||||
| Urls | |||||||||||||||||||