RobertMickleCx / NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project
Apache License 2.0
1 stars 0 forks source link

CVE-2020-28500 @ Npm-lodash-4.17.11 #392

Open RobertMickleCx opened 1 year ago

RobertMickleCx commented 1 year ago

Vulnerable Package issue exists @ Npm-lodash-4.17.11 in branch master

Lodash before 4.17.21 is vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Namespace: RobertMickleCx Repository: NodeGoat Repository Url: https://github.com/RobertMickleCx/NodeGoat CxAST-Project: RobertMickleCx/NodeGoat CxAST platform scan: e7941f4d-fb14-4e6e-9cdc-c12dbbe3cdc7 Branch: master Application: NodeGoat Severity: MEDIUM State: NOT_IGNORED Status: RECURRENT CWE: CWE-400


Additional Info Attack vector: NETWORK Attack complexity: LOW Confidentiality impact: NONE Availability impact: LOW


References Advisory Pull request Commit