CVE-2019-1010266

Regular Expression Denial of Service (ReDoS) in lodash

Description

lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

6.5

Severity

Medium

Ecosystem

JavaScript

Publish Date

July 19, 2019

Modified Date

March 13, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Versions