VDB
RHSA-2020%3A3370
RHSA-2020%3A3370
PUBLISHED
CVSS 7.400000095367432 HIGH
A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability.
Risk Scores
CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | distributed-tracing/jaeger-es-rollover-rhel7@sha256:a2c413202eb52d172dc15722c20cc0e29ae5276f0ba1eefd1d62f05c2b86915b_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-es-rollover-rhel7@sha256:a2c413202eb52d172dc15722c20cc0e29ae5276f0ba1eefd1d62f05c2b86915b_amd64 |
| Red Hat | distributed-tracing/jaeger-agent-rhel7@sha256:abad0b25b8d40fae71970c581029afc128d9a8ab2439d560d0b715c3ec287e14_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-agent-rhel7@sha256:abad0b25b8d40fae71970c581029afc128d9a8ab2439d560d0b715c3ec287e14_amd64 |
| Red Hat | distributed-tracing/jaeger-query-rhel7@sha256:2fe0840c5c88f0c7f01415e5661d8a32450a827cac555f93accf779d0ededb29_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | *, distributed-tracing/jaeger-query-rhel7@sha256:2fe0840c5c88f0c7f01415e5661d8a32450a827cac555f93accf779d0ededb29_amd64 |
| Red Hat | distributed-tracing/jaeger-rhel7-operator@sha256:e561e5ad5940ecaac80ec803843329166b44dcf27d713e6259114a01d61b66f5_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | *, distributed-tracing/jaeger-rhel7-operator@sha256:e561e5ad5940ecaac80ec803843329166b44dcf27d713e6259114a01d61b66f5_amd64 |
| Red Hat | distributed-tracing/jaeger-query-rhel7@sha256:2fe0840c5c88f0c7f01415e5661d8a32450a827cac555f93accf779d0ededb29_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-query-rhel7@sha256:2fe0840c5c88f0c7f01415e5661d8a32450a827cac555f93accf779d0ededb29_amd64 |
| Red Hat | distributed-tracing/jaeger-all-in-one-rhel7@sha256:2e3f471079a34e9c497045a4c1f805c648cac28bd550b91471c7fb6c7d7b9774_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-all-in-one-rhel7@sha256:2e3f471079a34e9c497045a4c1f805c648cac28bd550b91471c7fb6c7d7b9774_amd64 |
| Red Hat | distributed-tracing/jaeger-es-index-cleaner-rhel7@sha256:8f0893cad468eaae61081b5b9d78fe512877bb1e1922dd5fff00df45731b79a2_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-es-index-cleaner-rhel7@sha256:8f0893cad468eaae61081b5b9d78fe512877bb1e1922dd5fff00df45731b79a2_amd64 |
| Red Hat | distributed-tracing/jaeger-collector-rhel7@sha256:5acdc905cdf19b06463eca5f7a3e9260e8618c644bbc43e925f003296cb7bdf6_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-collector-rhel7@sha256:5acdc905cdf19b06463eca5f7a3e9260e8618c644bbc43e925f003296cb7bdf6_amd64, * |
| Red Hat | distributed-tracing/jaeger-es-rollover-rhel7@sha256:a2c413202eb52d172dc15722c20cc0e29ae5276f0ba1eefd1d62f05c2b86915b_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | *, * |
| Red Hat | distributed-tracing/jaeger-collector-rhel7@sha256:5acdc905cdf19b06463eca5f7a3e9260e8618c644bbc43e925f003296cb7bdf6_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-collector-rhel7@sha256:5acdc905cdf19b06463eca5f7a3e9260e8618c644bbc43e925f003296cb7bdf6_amd64 |
| Red Hat | distributed-tracing/jaeger-ingester-rhel7@sha256:66f850d0de9ab915e5b9683fc6e82a3426df41b8c308972e81fefae00eb3a8d9_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-ingester-rhel7@sha256:66f850d0de9ab915e5b9683fc6e82a3426df41b8c308972e81fefae00eb3a8d9_amd64 |
| Red Hat | distributed-tracing/jaeger-agent-rhel7@sha256:abad0b25b8d40fae71970c581029afc128d9a8ab2439d560d0b715c3ec287e14_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | *, distributed-tracing/jaeger-agent-rhel7@sha256:abad0b25b8d40fae71970c581029afc128d9a8ab2439d560d0b715c3ec287e14_amd64 |
| Red Hat | distributed-tracing/jaeger-rhel7-operator@sha256:e561e5ad5940ecaac80ec803843329166b44dcf27d713e6259114a01d61b66f5_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-rhel7-operator@sha256:e561e5ad5940ecaac80ec803843329166b44dcf27d713e6259114a01d61b66f5_amd64 |
| Red Hat | distributed-tracing/jaeger-es-index-cleaner-rhel7@sha256:8f0893cad468eaae61081b5b9d78fe512877bb1e1922dd5fff00df45731b79a2_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | *, * |
| Red Hat | distributed-tracing/jaeger-ingester-rhel7@sha256:66f850d0de9ab915e5b9683fc6e82a3426df41b8c308972e81fefae00eb3a8d9_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | distributed-tracing/jaeger-ingester-rhel7@sha256:66f850d0de9ab915e5b9683fc6e82a3426df41b8c308972e81fefae00eb3a8d9_amd64, * |
| Red Hat | distributed-tracing/jaeger-all-in-one-rhel7@sha256:2e3f471079a34e9c497045a4c1f805c648cac28bd550b91471c7fb6c7d7b9774_amd64 as a component of Red Hat OpenShift Jaeger 1.17 | *, distributed-tracing/jaeger-all-in-one-rhel7@sha256:2e3f471079a34e9c497045a4c1f805c648cac28bd550b91471c7fb6c7d7b9774_amd64 |
Timeline
- Aug 6, 2020 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 15, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2020:3370 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1804533 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1857412 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3370.json advisory
- https://access.redhat.com/security/cve/CVE-2020-8203 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8203 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-8203 advisory
- https://hackerone.com/reports/712065 advisory
- https://www.npmjs.com/advisories/1523 advisory
- https://access.redhat.com/security/cve/CVE-2020-9283 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-9283 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-9283 advisory
- https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY advisory