Description
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2002-0386)
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)
WordPress Plugin TinyMCE Custom Styles Cross-Site Scripting (1.1.2)
WordPress Plugin iFrame Admin Pages 'url' Parameter Cross-Site Scripting (0.1)
WordPress Plugin Social Share Button Cross-Site Scripting (2.1)