CVE-2020-28500
📊 CVSS 5.3 MEDIUM | ⚡ EPSS 0.1% | 🎯 1 exploit
📅 Published Feb 15, 2021
📋 Status: Modified
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
42 product configurations affected
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | lodash | lodash | < 4.17.21 Target SW: node.js | Vulnerable | cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:* |
📱App | oracle | banking corporate lending process management | 14.2.0 | Vulnerable | cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:* |
📱App | oracle | banking corporate lending process management | 14.3.0 | Vulnerable | cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:* |
📱App | oracle | banking corporate lending process management | 14.5.0 | Vulnerable | cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:* |
📱App | oracle | banking credit facilities process management | 14.2.0 | Vulnerable | cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:* |
📱App | oracle | banking credit facilities process management | 14.3.0 | Vulnerable | cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:* |
📱App | oracle | banking credit facilities process management | 14.5.0 | Vulnerable | cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:* |
📱App | oracle | banking extensibility workbench | 14.2.0 | Vulnerable | cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:* |
📱App | oracle | banking extensibility workbench | 14.3.0 | Vulnerable | cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:* |
📱App | oracle | banking extensibility workbench | 14.5.0 | Vulnerable | cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:* |
📱App | oracle | banking supply chain finance | 14.2.0 | Vulnerable | cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:* |
📱App | oracle | banking supply chain finance | 14.3.0 | Vulnerable | cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:* |
📱App | oracle | banking supply chain finance | 14.5.0 | Vulnerable | cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:* |
📱App | oracle | banking trade finance process management | 14.2.0 | Vulnerable | cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:* |
📱App | oracle | banking trade finance process management | 14.3.0 | Vulnerable | cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:* |
📱App | oracle | banking trade finance process management | 14.5.0 | Vulnerable | cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:* |
📱App | oracle | communications cloud native core policy | 1.11.0 | Vulnerable | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:* |
📱App | oracle | communications design studio | 7.4.2 | Vulnerable | cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:* |
📱App | oracle | communications services gatekeeper | 7.0 | Vulnerable | cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* |
📱App | oracle | communications session border controller | 8.4 | Vulnerable | cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:* |
📱App | oracle | communications session border controller | 9.0 | Vulnerable | cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:* |
📱App | oracle | enterprise communications broker | 3.2.0 | Vulnerable | cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:* |
📱App | oracle | enterprise communications broker | 3.3.0 | Vulnerable | cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:* |
📱App | oracle | financial services crime and compliance management studio | 8.0.8.2.0 | Vulnerable | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* |
📱App | oracle | financial services crime and compliance management studio | 8.0.8.3.0 | Vulnerable | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* |
📱App | oracle | health sciences data management workbench | 2.5.2.1 | Vulnerable | cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:* |
📱App | oracle | health sciences data management workbench | 3.0.0.0 | Vulnerable | cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:* |
📱App | oracle | jd edwards enterpriseone tools | < 9.2.6.1 | Vulnerable | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* |
📱App | oracle | peoplesoft enterprise peopletools | 8.58 | Vulnerable | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
📱App | oracle | peoplesoft enterprise peopletools | 8.59 | Vulnerable | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* |
📱App | oracle | primavera gateway | ≥ 17.12.0 ∧ ≤ 17.12.11 | Vulnerable | cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* |
📱App | oracle | primavera gateway | ≥ 18.8.0 ∧ ≤ 18.8.12 | Vulnerable | cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* |
📱App | oracle | primavera gateway | ≥ 19.12.0 ∧ ≤ 19.12.11 | Vulnerable | cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* |
📱App | oracle | primavera gateway | ≥ 20.12.0 ∧ ≤ 20.12.7 | Vulnerable | cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* |
📱App | oracle | primavera unifier | ≥ 17.7 ∧ ≤ 17.12 | Vulnerable | cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* |
📱App | oracle | primavera unifier | 18.8 | Vulnerable | cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* |
📱App | oracle | primavera unifier | 19.12 | Vulnerable | cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* |
📱App | oracle | primavera unifier | 20.12 | Vulnerable | cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* |
📱App | oracle | retail customer management and segmentation foundation | 19.0 | Vulnerable | cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* |
📱App | siemens | sinec ins | < 1.0 | Vulnerable | cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* |
📱App | siemens | sinec ins | 1.0 | Vulnerable | cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* |
📱App | siemens | sinec ins | 1.0 | Vulnerable | cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* |
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: NETWORK
Complexity: LOW
Privileges: NONE
User Interaction: NONE
Confidentiality: NONE
Integrity: NONE
Availability: LOW
Scope: UNCHANGED
🔍 Technical Details
Analysis Status: Modified
CVSS Details: 5.3 (MEDIUM), v3.1
Source: [email protected]
EPSS Details: 0.1% (Minimal), 25.4th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date: Feb 15, 2021 (4 years ago)
Last Modified: Nov 21, 2024 (11 months ago)
Security Weaknesses: 1
Available exploits: 1
References: 9