  1. TrueNAS
  2. NAS-109598

Vulnerability found in Web UI


Details

    • Low

    Description

      Current Netsparker scan shows Critical out-of-date version of Lodash in current version of TrueNAS

      Netsparker Enterprise identified that the target web site is using Lodash and detected that it is out of date.

      Impact

      Since this is an old version of the software, it may be vulnerable to attacks.

      Lodash Prototype Pollution

      Affected versions of this package are vulnerable to Prototype Pollution in zipObjectDeep due to an incomplete fix for CVE-2020-8203. https://snyk.io/vuln/SNYK-JS-LODASH-590103

      Affected Versions

      0.1.0

      External References

      -

      Exploits
      lodash Allocation of Resources Without Limits or Throttling Vulnerability

      Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

      Affected Versions

      4.17.9

      External References

      CVE-2020-8203


              People

                dbutenko Denys Butenko
                pwerba Peter Werba