CVE-2020-8203 @ Npm-lodash-4.17.11

**Vulnerable Package** issue exists @ **Npm\-lodash\-4\.17\.11** in branch **main**

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

**Namespace:** James-AST
**Repository:** msft
**Repository Url:** https://github.com/James-AST/msft
**CxAST\-Project:** James-AST/msft
**CxAST platform scan:** [d217bf9e\-499c\-4ae8\-a115\-08b6cd62b182](https://ast.checkmarx.net/projects/fada48c7-0c49-472a-994a-763d8a847895/scans?id=d217bf9e-499c-4ae8-a115-08b6cd62b182&branch=main)
**Branch:** main
**Application:** msft
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-1321


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** HIGH
**Confidentiality impact:** NONE
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 4.17.21


----
**References**
[Advisory](https://github.com/advisories/GHSA-p6mc-m468-83gw)
[Pull request](https://github.com/lodash/lodash/pull/4759)
[Commit](https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12)
[Disclosure](https://hackerone.com/reports/712065)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2020-8203 @ Npm-lodash-4.17.11 #50

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2020-8203 @ Npm-lodash-4.17.11 #50

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions