CX: CVE-2020-8203 in Npm-lodash and 1.0.2 @ JavaVulnerableLab.master

**Description**

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

**HIGH Vulnerable Package** issue exists @ **lodash** in branch **master**

**Vulnerability ID:** CVE-2020-8203

**Package Name:** lodash

**Severity:** HIGH

**CVSS Score:** 7.4

**Publish Date:** 2020-07-15T17:15:00

**Current Package Version:** 1.0.2

**Remediation Upgrade Recommendation:** 4.17.21

[Link To SCA](https://sca.checkmarx.net/#/projects/d4f2d825-1fb5-49e7-ad6d-fd24d7e6ccd2/reports/2765eccf-f943-43c0-9650-1b1a2e5dbecc/vulnerabilities/CVE-2020-8203%3ANpm-lodash-1.0.2/vulnerabilityDetailsGql)

[Reference – NVD link](https://nvd.nist.gov/vuln/detail/CVE-2020-8203)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX: CVE-2020-8203 in Npm-lodash and 1.0.2 @ JavaVulnerableLab.master #172

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CX: CVE-2020-8203 in Npm-lodash and 1.0.2 @ JavaVulnerableLab.master #172

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions