[rwth-security] Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library

9 Jul 2019


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library"
"...  a popular npm library used by more than 4 million projects on GitHub alone,
     is affected by a high severity security vulnerability that could allow attackers
     to compromise the security of affected services using the library and their
     respective user base ..."
--> affects all versions of lodash, including the latest version 4.17.11.
VG
Bernd
[0]
https://thehackernews.com/2019/07/lodash-prototype-pollution.html
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de

2024

2023

2022

2021

2020

2019

2018

[rwth-security] Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library