  1. TrueNAS
  2. NAS-109598

Vulnerability found in Web UI

    Details

    • Impact:
      Low

      Description

      Current Netsparker scan shows a Critical out-of-date version of Lodash in the current version of TrueNAS.

      Netsparker Enterprise identified that the target web site is using Lodash and detected that it is out of date.

      Impact

      Since this is an old version of the software, it may be vulnerable to attacks.

      Lodash Prototype Pollution

      Affected versions of this package are vulnerable to Prototype Pollution in zipObjectDeep due to an incomplete fix for CVE-2020-8203. https://snyk.io/vuln/SNYK-JS-LODASH-590103

      Affected Versions

      0.1.0

      External References

      -

      Exploits
      lodash Allocation of Resources Without Limits or Throttling Vulnerability

      Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

      Affected Versions

      4.17.9

      External References

      CVE-2020-8203

                People

                Assignee:
                dbutenko Denys Butenko
                Reporter:
                pwerba Peter Werba
                Votes: 0
                Watchers: 5