{"id":"CVE-2020-8203","details":"Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.","aliases":["GHSA-p6mc-m468-83gw"],"modified":"2026-03-11T07:46:38.536744Z","published":"2020-07-15T17:15:11.797Z","references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200724-0006/"},{"type":"REPORT","url":"https://github.com/lodash/lodash/issues/4874"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/712065"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lodash/lodash","events":[{"introduced":"0"},{"fixed":"f2e7063ee409ff40a60b14370c58dceee1a2efd4"},{"introduced":"0"},{"last_affected":"0847978784a28c9618a827e19220451e1eb5257f"},{"introduced":"0"},{"last_affected":"343b869a6880825a2397427668fbc64d82a060a6"},{"introduced":"0"},{"last_affected":"343b869a6880825a2397427668fbc64d82a060a6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.17.20"},{"introduced":"0"},{"last_affected":"3.2.0"},{"introduced":"0"},{"last_affected":"3.3.0"},{"introduced":"0"},{"last_affected":"pcz3.3"}]}}],"versions":["3.0.0-npm-packages","3.0.1-npm-packages","3.0.2-npm-packages","3.0.3-npm-packages","3.0.4-npm-packages","3.0.5-npm-packages","3.0.6-npm-packages","3.0.7-npm-packages","3.0.8-npm-packages","3.0.9-npm-packages","3.1.0-npm-packages","3.1.1-npm-packages","3.1.2-npm-packages","3.1.3-npm-packages","3.1.4-npm-packages","3.1.5-npm-packages","3.1.6-npm-packages","3.1.7-npm-packages","3.2.0-npm-packages"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8203.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"21.1.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5.0.23.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"1.11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"cz8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"cz8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"cz8.3"}]},{"events":[{"introduced":"0"},{"last_affected":"cz8.4"}]},{"events":[{"introduced":"0"},{"last_affected":"9.2.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.58"}]},{"events":[{"introduced":"0"},{"last_affected":"8.59"}]},{"events":[{"introduced":"17.12.0"},{"last_affected":"17.12.11"}]},{"events":[{"introduced":"18.8.0"},{"last_affected":"18.8.12"}]},{"events":[{"introduced":"19.12.0"},{"last_affected":"19.12.11"}]},{"events":[{"introduced":"20.12.0"},{"last_affected":"20.12.7"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}