
Ubuntu 26.04 LTS Lodash Critical Prototype Pollution Vuln USN-8411-1

ubuntu
June 9, 2026
Security issues in Lodash fixed for multiple Ubuntu releases, requiring updates for protection against potential exploits.

Summary

Several security issues were fixed in Lodash.

Software Description:

- node-lodash: A modern JavaScript utility library delivering modularity, performance, & extras

Details:

It was discovered that Lodash was vulnerable to a prototype pollution issue in the zipObjectDeep function. An attacker could possibly use this issue to modify application behavior. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8203)

Liyuan Chen discovered that Lodash was vulnerable to a regular expression denial of service issue in the toNumber, trim, and trimEnd functions. An attacker could possibly use this issue to consume excessive system resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-28500)

Marc Hassan discovered that Lodash did not properly sanitize input to the template function. An attacker could possibly use this issue to inject and execute arbitrary commands. This issue only affected Ubuntu 16.04 LT...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libjs-lodash                    4.17.23+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash                     4.17.23+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash-packages            4.17.23+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 25.10
  libjs-lodash                    4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1
  node-lodash                     4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1
  node-lodash-packages            4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1

Ubuntu 24.04 LTS
  libjs-lodash                    4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro
  node-lodash                     4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro
  node-lodash-packages            4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libjs-lodash                    4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash                     4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash-packages            4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libjs-lodash                    4.17.15+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash                     4.17.15+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash-packages            4.17.15+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libjs-lodash                    4.17.4+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash                     4.17.4+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libjs-lodash                    2.4.1+dfsg-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  node-lodash                     2.4.1+dfsg-3ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
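To confirm that a host actually picked up the fix, the installed package versions can be compared with the table above. The script below is an added example, not part of the advisory; its function names are hypothetical, and it assumes `dpkg` and `dpkg-query` are on the PATH.

```shell
#!/bin/sh
# Added example: compare installed Lodash packages with the fixed versions
# listed in USN-8411-1. Version strings are copied from the table above; on
# most releases they are delivered through Ubuntu Pro (ESM).

# Print the fixed version for an Ubuntu release (VERSION_ID, e.g. 22.04).
usn_fixed_version() {
  case "$1" in
    26.04) echo '4.17.23+dfsg-1ubuntu0.1~esm1' ;;
    25.10) echo '4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1' ;;
    24.04) echo '4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1' ;;
    22.04) echo '4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1' ;;
    20.04) echo '4.17.15+dfsg-2ubuntu0.1~esm1' ;;
    18.04) echo '4.17.4+dfsg-1ubuntu0.1~esm1' ;;
    16.04) echo '2.4.1+dfsg-3ubuntu0.1~esm1' ;;
    *) return 1 ;;
  esac
}

# usn_status RELEASE INSTALLED_VERSION -> prints fixed | vulnerable | unknown-release
usn_status() {
  usn_fixed=$(usn_fixed_version "$1") || { echo unknown-release; return 2; }
  # dpkg applies Debian ordering rules, so "~esm1" suffixes and the
  # "+dfsg+~cs..." upstream parts are compared correctly.
  if dpkg --compare-versions "$2" ge "$usn_fixed"; then
    echo fixed
  else
    echo vulnerable
  fi
}

# Report every affected package that is installed on this host.
# (The advisory lists node-lodash-packages only for 20.04 and later.)
usn_check_host() {
  usn_rel=$( . /etc/os-release 2>/dev/null && echo "$VERSION_ID" ) || usn_rel=unknown
  for usn_pkg in libjs-lodash node-lodash node-lodash-packages; do
    usn_ver=$(dpkg-query -W -f='${Version}' "$usn_pkg" 2>/dev/null) || continue
    [ -n "$usn_ver" ] || continue   # known to dpkg but not installed
    printf '%s %s %s\n' "$usn_pkg" "$usn_ver" "$(usn_status "$usn_rel" "$usn_ver")"
  done
}

usn_check_host
```

A `vulnerable` result on a release whose fix is marked "Available with Ubuntu Pro" usually means the ESM repositories are not enabled on that host.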

References

https://ubuntu.com/security/notices/USN-8411-1

CVE-2020-28500, CVE-2020-8203, CVE-2021-23337, CVE-2025-13465, CVE-2026-2950, CVE-2026-4800

Severity
critical

Ubuntu Security Notice USN-8411-1
