CVE-2019-1010266

Regular Expression Denial of Service (ReDoS) in lodash

lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details
Score
Score Vector
Affected Versions: lodash < 4.17.11; lodash-es < 4.17.11; lodash-amd < 4.17.11; lodash-rails < 4.17.11
Severity
Ecosystem
Publish Date: July 19, 2019
Modified Date: August 12, 2025