Regular Expression Denial of Service (ReDoS) in lodash (GHSA-29mw-wpgm-hmr9) 2
- Severity: Medium
Description
All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Recommendation
No fix is available yet. The following versions are affected:
- >= 4.0.0, <= 4.5.1
References
- GHSA-29mw-wpgm-hmr9
- snyk.io
- www.oracle.com
- cert-portal.siemens.com
- security.netapp.com
- CVE-2020-28500
- CWE-1333
- CWE-400
- CAPEC-310
- OWASP 2021-A6
Related Issues
- Regular Expression Denial of Service (ReDoS) in lodash (GHSA-29mw-wpgm-hmr9) - CVE-2020-28500
- Regular Expression Denial of Service (ReDoS) in lodash (GHSA-29mw-wpgm-hmr9) 3 - CVE-2020-28500
- Regular Expression Denial of Service (ReDoS) in lodash - CVE-2020-28500
- Regular Expression Denial of Service (ReDoS) in lodash (GHSA-x5rq-j2xg-h7qm) - CVE-2019-1010266
- Tags: npm, lodash.trim
Last updated on September 29, 2025