mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
a87c8c972e
Committer: Bill Situ <Bill.Situ@.oracle.com> On branch cna/Oracle/CPU2022Jan3rd Changes to be committed: modified: 2013/6xxx/CVE-2013-6440.json modified: 2016/7xxx/CVE-2016-7103.json modified: 2017/5xxx/CVE-2017-5645.json modified: 2018/11xxx/CVE-2018-11771.json modified: 2018/1xxx/CVE-2018-1311.json modified: 2018/1xxx/CVE-2018-1324.json modified: 2019/10xxx/CVE-2019-10086.json modified: 2019/10xxx/CVE-2019-10219.json modified: 2019/11xxx/CVE-2019-11358.json modified: 2019/13xxx/CVE-2019-13734.json modified: 2019/17xxx/CVE-2019-17091.json modified: 2019/17xxx/CVE-2019-17195.json modified: 2019/17xxx/CVE-2019-17495.json modified: 2019/17xxx/CVE-2019-17566.json modified: 2020/10xxx/CVE-2020-10543.json modified: 2020/10xxx/CVE-2020-10683.json modified: 2020/10xxx/CVE-2020-10878.json modified: 2020/11xxx/CVE-2020-11022.json modified: 2020/11xxx/CVE-2020-11023.json modified: 2020/11xxx/CVE-2020-11979.json modified: 2020/11xxx/CVE-2020-11987.json modified: 2020/12xxx/CVE-2020-12723.json modified: 2020/13xxx/CVE-2020-13817.json modified: 2020/13xxx/CVE-2020-13934.json modified: 2020/13xxx/CVE-2020-13935.json modified: 2020/13xxx/CVE-2020-13936.json modified: 2020/13xxx/CVE-2020-13949.json modified: 2020/13xxx/CVE-2020-13956.json modified: 2020/14xxx/CVE-2020-14340.json modified: 2020/15xxx/CVE-2020-15824.json modified: 2020/17xxx/CVE-2020-17521.json modified: 2020/17xxx/CVE-2020-17527.json modified: 2020/17xxx/CVE-2020-17530.json modified: 2020/1xxx/CVE-2020-1945.json modified: 2020/1xxx/CVE-2020-1963.json modified: 2020/24xxx/CVE-2020-24616.json modified: 2020/24xxx/CVE-2020-24750.json modified: 2020/25xxx/CVE-2020-25649.json modified: 2020/26xxx/CVE-2020-26217.json modified: 2020/27xxx/CVE-2020-27216.json modified: 2020/27xxx/CVE-2020-27618.json modified: 2020/28xxx/CVE-2020-28052.json modified: 2020/28xxx/CVE-2020-28469.json modified: 2020/28xxx/CVE-2020-28500.json modified: 2020/29xxx/CVE-2020-29582.json modified: 2020/35xxx/CVE-2020-35490.json modified: 2020/35xxx/CVE-2020-35491.json modified: 2020/35xxx/CVE-2020-35728.json modified: 2020/36xxx/CVE-2020-36179.json modified: 2020/36xxx/CVE-2020-36180.json modified: 2020/36xxx/CVE-2020-36181.json modified: 2020/36xxx/CVE-2020-36182.json modified: 2020/36xxx/CVE-2020-36183.json modified: 2020/36xxx/CVE-2020-36184.json modified: 2020/36xxx/CVE-2020-36185.json modified: 2020/36xxx/CVE-2020-36186.json modified: 2020/36xxx/CVE-2020-36187.json modified: 2020/36xxx/CVE-2020-36188.json modified: 2020/36xxx/CVE-2020-36189.json modified: 2020/5xxx/CVE-2020-5258.json modified: 2020/5xxx/CVE-2020-5421.json modified: 2020/6xxx/CVE-2020-6950.json modified: 2020/7xxx/CVE-2020-7712.json modified: 2020/8xxx/CVE-2020-8177.json modified: 2020/8xxx/CVE-2020-8203.json modified: 2020/8xxx/CVE-2020-8284.json modified: 2020/8xxx/CVE-2020-8285.json modified: 2020/8xxx/CVE-2020-8554.json modified: 2020/8xxx/CVE-2020-8908.json modified: 2020/9xxx/CVE-2020-9281.json modified: 2020/9xxx/CVE-2020-9484.json modified: 2021/20xxx/CVE-2021-20718.json modified: 2021/21xxx/CVE-2021-21341.json modified: 2021/21xxx/CVE-2021-21342.json modified: 2021/21xxx/CVE-2021-21343.json modified: 2021/21xxx/CVE-2021-21344.json modified: 2021/21xxx/CVE-2021-21345.json modified: 2021/21xxx/CVE-2021-21346.json modified: 2021/21xxx/CVE-2021-21347.json modified: 2021/21xxx/CVE-2021-21348.json modified: 2021/21xxx/CVE-2021-21349.json modified: 2021/21xxx/CVE-2021-21350.json modified: 2021/21xxx/CVE-2021-21351.json modified: 2021/21xxx/CVE-2021-21409.json modified: 2021/21xxx/CVE-2021-21703.json modified: 2021/21xxx/CVE-2021-21705.json modified: 2021/21xxx/CVE-2021-21783.json modified: 2021/22xxx/CVE-2021-22118.json modified: 2021/22xxx/CVE-2021-22119.json modified: 2021/22xxx/CVE-2021-22298.json modified: 2021/22xxx/CVE-2021-22897.json modified: 2021/22xxx/CVE-2021-22898.json modified: 2021/22xxx/CVE-2021-22901.json modified: 2021/22xxx/CVE-2021-22924.json modified: 2021/22xxx/CVE-2021-22925.json modified: 2021/22xxx/CVE-2021-22926.json modified: 2021/22xxx/CVE-2021-22931.json modified: 2021/22xxx/CVE-2021-22939.json modified: 2021/22xxx/CVE-2021-22940.json modified: 2021/22xxx/CVE-2021-22946.json modified: 2021/22xxx/CVE-2021-22947.json modified: 2021/22xxx/CVE-2021-22959.json modified: 2021/22xxx/CVE-2021-22960.json modified: 2021/23xxx/CVE-2021-23017.json modified: 2021/23xxx/CVE-2021-23336.json modified: 2021/23xxx/CVE-2021-23337.json modified: 2021/23xxx/CVE-2021-23440.json modified: 2021/23xxx/CVE-2021-23840.json modified: 2021/25xxx/CVE-2021-25122.json modified: 2021/25xxx/CVE-2021-25329.json modified: 2021/26xxx/CVE-2021-26272.json modified: 2021/26xxx/CVE-2021-26691.json modified: 2021/27xxx/CVE-2021-27568.json modified: 2021/28xxx/CVE-2021-28163.json modified: 2021/28xxx/CVE-2021-28164.json modified: 2021/28xxx/CVE-2021-28165.json modified: 2021/28xxx/CVE-2021-28169.json modified: 2021/29xxx/CVE-2021-29425.json modified: 2021/29xxx/CVE-2021-29505.json modified: 2021/29xxx/CVE-2021-29921.json modified: 2021/29xxx/CVE-2021-29923.json modified: 2021/30xxx/CVE-2021-30639.json modified: 2021/30xxx/CVE-2021-30640.json modified: 2021/31xxx/CVE-2021-31684.json modified: 2021/31xxx/CVE-2021-31811.json modified: 2021/31xxx/CVE-2021-31812.json modified: 2021/32xxx/CVE-2021-32012.json modified: 2021/32xxx/CVE-2021-32013.json modified: 2021/32xxx/CVE-2021-32014.json modified: 2021/32xxx/CVE-2021-32723.json modified: 2021/32xxx/CVE-2021-32808.json modified: 2021/32xxx/CVE-2021-32809.json modified: 2021/32xxx/CVE-2021-32827.json modified: 2021/33xxx/CVE-2021-33037.json modified: 2021/33xxx/CVE-2021-33193.json modified: 2021/33xxx/CVE-2021-33560.json modified: 2021/33xxx/CVE-2021-33880.json modified: 2021/33xxx/CVE-2021-33909.json modified: 2021/34xxx/CVE-2021-34428.json modified: 2021/34xxx/CVE-2021-34429.json modified: 2021/34xxx/CVE-2021-34558.json modified: 2021/34xxx/CVE-2021-34798.json modified: 2021/35xxx/CVE-2021-35043.json modified: 2021/35xxx/CVE-2021-35515.json modified: 2021/35xxx/CVE-2021-35516.json modified: 2021/35xxx/CVE-2021-35517.json modified: 2021/36xxx/CVE-2021-36090.json modified: 2021/36xxx/CVE-2021-36160.json modified: 2021/36xxx/CVE-2021-36221.json modified: 2021/36xxx/CVE-2021-36373.json modified: 2021/36xxx/CVE-2021-36374.json modified: 2021/36xxx/CVE-2021-36690.json modified: 2021/37xxx/CVE-2021-37136.json modified: 2021/37xxx/CVE-2021-37137.json modified: 2021/37xxx/CVE-2021-37695.json modified: 2021/37xxx/CVE-2021-37714.json modified: 2021/38xxx/CVE-2021-38153.json modified: 2021/39xxx/CVE-2021-39139.json modified: 2021/39xxx/CVE-2021-39140.json modified: 2021/39xxx/CVE-2021-39141.json modified: 2021/39xxx/CVE-2021-39144.json modified: 2021/39xxx/CVE-2021-39145.json modified: 2021/39xxx/CVE-2021-39146.json modified: 2021/39xxx/CVE-2021-39147.json modified: 2021/39xxx/CVE-2021-39148.json modified: 2021/39xxx/CVE-2021-39149.json modified: 2021/39xxx/CVE-2021-39150.json modified: 2021/39xxx/CVE-2021-39151.json modified: 2021/39xxx/CVE-2021-39152.json modified: 2021/39xxx/CVE-2021-39153.json modified: 2021/39xxx/CVE-2021-39154.json modified: 2021/39xxx/CVE-2021-39275.json modified: 2021/3xxx/CVE-2021-3177.json modified: 2021/3xxx/CVE-2021-3326.json modified: 2021/3xxx/CVE-2021-3426.json modified: 2021/3xxx/CVE-2021-3448.json modified: 2021/3xxx/CVE-2021-3516.json modified: 2021/3xxx/CVE-2021-3517.json modified: 2021/3xxx/CVE-2021-3541.json modified: 2021/3xxx/CVE-2021-3634.json modified: 2021/3xxx/CVE-2021-3711.json modified: 2021/3xxx/CVE-2021-3712.json modified: 2021/40xxx/CVE-2021-40438.json modified: 2021/41xxx/CVE-2021-41164.json modified: 2021/41xxx/CVE-2021-41165.json modified: 2021/41xxx/CVE-2021-41355.json modified: 2021/41xxx/CVE-2021-41524.json modified: 2021/41xxx/CVE-2021-41773.json modified: 2021/42xxx/CVE-2021-42013.json modified: 2021/42xxx/CVE-2021-42340.json modified: 2021/42xxx/CVE-2021-42575.json modified: 2021/44xxx/CVE-2021-44224.json modified: 2021/44xxx/CVE-2021-44228.json modified: 2021/44xxx/CVE-2021-44790.json modified: 2021/44xxx/CVE-2021-44832.json modified: 2021/45xxx/CVE-2021-45046.json modified: 2021/45xxx/CVE-2021-45105.json modified: 2021/4xxx/CVE-2021-4104.json
139 lines
4.9 KiB
JSON
139 lines
4.9 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "report@snyk.io",
|
|
"DATE_PUBLIC": "2021-02-15T11:10:02.896752Z",
|
|
"ID": "CVE-2020-28500",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Regular Expression Denial of Service (ReDoS)"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "n/a",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Lodash",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "versions prior to 4.17.21"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Regular Expression Denial of Service (ReDoS)"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905",
|
|
"name": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892",
|
|
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893",
|
|
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894",
|
|
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895",
|
|
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896",
|
|
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8",
|
|
"name": "https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/lodash/lodash/pull/5065",
|
|
"name": "https://github.com/lodash/lodash/pull/5065"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20210312-0006/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20210312-0006/"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "LOW"
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Liyuan Chen"
|
|
}
|
|
]
|
|
} |