Several security issues were fixed in Lodash.
Software Description:
- node-lodash: A modern JavaScript utility library delivering modularity, performance, & extras
Details:
It was discovered that Lodash was vulnerable to a prototype pollution
issue in the zipObjectDeep function. An attacker could possibly use this
issue to modify application behavior. This issue only affected Ubuntu
18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8203)
Liyuan Chen discovered that Lodash was vulnerable to a regular
expression denial of service issue in the toNumber, trim, and trimEnd
functions. An attacker could possibly use this issue to consume
excessive system resources, resulting in a denial of service. This issue
only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-28500)
Marc Hassan discovered that Lodash did not properly sanitize input to
the template function. An attacker could possibly use this issue to
inject and execute arbitrary commands. This issue only affected Ubuntu
16.04 LT...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
libjs-lodash 4.17.23+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash 4.17.23+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash-packages 4.17.23+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 25.10
libjs-lodash 4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1
node-lodash 4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1
node-lodash-packages 4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.25.10.1
Ubuntu 24.04 LTS
libjs-lodash 4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
node-lodash 4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
node-lodash-packages 4.17.21+dfsg+~cs8.31.198.20210220-9ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libjs-lodash 4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash 4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash-packages 4.17.21+dfsg+~cs8.31.198.20210220-5ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libjs-lodash 4.17.15+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash 4.17.15+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash-packages 4.17.15+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libjs-lodash 4.17.4+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash 4.17.4+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libjs-lodash 2.4.1+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
node-lodash 2.4.1+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8411-1
CVE-2020-28500, CVE-2020-8203, CVE-2021-23337, CVE-2025-13465,
CVE-2026-2950, CVE-2026-4800
Get the latest Linux and open source security news straight to your inbox.