Details
Type: Bug
Status: Done
Priority: Low
Resolution: Complete
Affects Version/s: 12.0-U2.1
Fix Version/s: SCALE-21.04-ALPHA.1 (Angelfish), 12.0-U3
Labels:
Impact: Low
Description
Current Netsparker scan shows a Critical out-of-date version of Lodash in the current version of TrueNAS.
Netsparker Enterprise identified that the target web site is using Lodash and detected that it is out of date.
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Lodash Prototype Pollution
Affected versions of this package are vulnerable to Prototype Pollution in zipObjectDeep due to an incomplete fix for CVE-2020-8203. https://snyk.io/vuln/SNYK-JS-LODASH-590103
Affected Versions
0.1.0
External References
-
Exploits
lodash Allocation of Resources Without Limits or Throttling Vulnerability
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Affected Versions
4.17.9
External References
CVE-2020-8203