CVE-2020-8203
15.07.2020, 17:15
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
| Vendor | Product | Version |
|---|---|---|
| lodash | lodash | 𝑥 < 4.17.20 |
| oracle | banking_corporate_lending_process_management | 14.2.0 |
| oracle | banking_corporate_lending_process_management | 14.3.0 |
| oracle | banking_corporate_lending_process_management | 14.5.0 |
| oracle | banking_credit_facilities_process_management | 14.2.0 |
| oracle | banking_credit_facilities_process_management | 14.3.0 |
| oracle | banking_credit_facilities_process_management | 14.5.0 |
| oracle | banking_extensibility_workbench | 14.2.0 |
| oracle | banking_extensibility_workbench | 14.3.0 |
| oracle | banking_extensibility_workbench | 14.5.0 |
| oracle | banking_liquidity_management | 14.2.0 |
| oracle | banking_liquidity_management | 14.3.0 |
| oracle | banking_liquidity_management | 14.5.0 |
| oracle | banking_supply_chain_finance | 14.2.0 |
| oracle | banking_supply_chain_finance | 14.3.0 |
| oracle | banking_supply_chain_finance | 14.5.0 |
| oracle | banking_trade_finance_process_management | 14.2.0 |
| oracle | banking_trade_finance_process_management | 14.3.0 |
| oracle | banking_trade_finance_process_management | 14.5.0 |
| oracle | banking_virtual_account_management | 14.2.0 |
| oracle | banking_virtual_account_management | 14.3.0 |
| oracle | banking_virtual_account_management | 14.5.0 |
| oracle | blockchain_platform | 𝑥 < 21.1.2 |
| oracle | communications_billing_and_revenue_management | 7.5.0.23.0 |
| oracle | communications_billing_and_revenue_management | 12.0.0.3.0 |
| oracle | communications_cloud_native_core_policy | 1.11.0 |
| oracle | communications_session_border_controller | 8.4 |
| oracle | communications_session_border_controller | 9.0 |
| oracle | enterprise_communications_broker | 3.2.0 |
| oracle | enterprise_communications_broker | 3.3.0 |
| oracle | jd_edwards_enterpriseone_tools | 𝑥 ≤ 9.2.6.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | peoplesoft_enterprise_peopletools | 8.59 |
| oracle | primavera_gateway | 17.12.0 ≤ 𝑥 ≤ 17.12.11 |
| oracle | primavera_gateway | 18.8.0 ≤ 𝑥 ≤ 18.8.12 |
| oracle | primavera_gateway | 19.12.0 ≤ 𝑥 ≤ 19.12.11 |
| oracle | primavera_gateway | 20.12.0 ≤ 𝑥 ≤ 20.12.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-770 - Allocation of Resources Without Limits or ThrottlingThe software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
References