You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Regular Expression Denial of Service (ReDoS) in lodash
Moderate severity
GitHub Reviewed
Published
Jan 6, 2022
to the GitHub Advisory Database
•
Updated Nov 1, 2023
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Steps to reproduce (provided by reporter Liyuan Chen):
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the
toNumber
,trim
andtrimEnd
functions.Steps to reproduce (provided by reporter Liyuan Chen):
References