CVEFinder.io

CVE-2020-8203

⚠️ high
πŸ” Scan for this CVE
Summary

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

CVSS Score
7.4
High
EPSS Score
2.6
Exploit Probability
Published Date
2020-07-15
First Seen: 2026-01-05
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 57.4% of all 317,883 vulnerabilities in our database.

#135,331
Above average severity
Severity Percentile
Last Modified 2024-11-21
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE IDs (Weakness Types)
CWE-770 CWE-1321

πŸ“¦ Affected Products 42

Vendor Product Status Affected Versions
oracle peoplesoft_enterprise_peopletools Affected
v8.58
oracle peoplesoft_enterprise_peopletools Affected
v8.59
oracle jd_edwards_enterpriseone_tools Affected
≤ 9.2.6.0
oracle primavera_gateway Affected
≥ 17.12.0 ≤ 17.12.11
oracle primavera_gateway Affected
≥ 18.8.0 ≤ 18.8.12
oracle primavera_gateway Affected
≥ 19.12.0 ≤ 19.12.11
oracle primavera_gateway Affected
≥ 20.12.0 ≤ 20.12.7
oracle communications_session_border_controller Affected
v8.4
oracle communications_session_border_controller Affected
v9.0
oracle communications_session_border_controller Affected
vcz8.4
lodash lodash Affected
< 4.17.20
oracle enterprise_communications_broker Affected
v3.2.0
oracle enterprise_communications_broker Affected
v3.3.0
oracle enterprise_communications_broker Affected
vpcz3.3
oracle communications_billing_and_revenue_management Affected
v12.0.0.3.0
oracle communications_billing_and_revenue_management Affected
v7.5.0.23.0
oracle banking_extensibility_workbench Affected
v14.2.0
oracle banking_extensibility_workbench Affected
v14.3.0
oracle banking_extensibility_workbench Affected
v14.5.0
oracle banking_corporate_lending_process_management Affected
v14.2.0
oracle banking_corporate_lending_process_management Affected
v14.3.0
oracle banking_corporate_lending_process_management Affected
v14.5.0
oracle banking_virtual_account_management Affected
v14.2.0
oracle banking_virtual_account_management Affected
v14.3.0
oracle banking_virtual_account_management Affected
v14.5.0
oracle banking_trade_finance_process_management Affected
v14.2.0
oracle banking_trade_finance_process_management Affected
v14.3.0
oracle banking_trade_finance_process_management Affected
v14.5.0
oracle banking_credit_facilities_process_management Affected
v14.2.0
oracle banking_credit_facilities_process_management Affected
v14.3.0
oracle banking_credit_facilities_process_management Affected
v14.5.0
oracle communications_cloud_native_core_policy Affected
v1.11.0
oracle communications_session_router Affected
vcz8.4
oracle communications_subscriber-aware_load_balancer Affected
vcz8.3
oracle communications_subscriber-aware_load_balancer Affected
vcz8.4
oracle banking_supply_chain_finance Affected
v14.2.0
oracle banking_supply_chain_finance Affected
v14.3.0
oracle banking_supply_chain_finance Affected
v14.5.0
oracle banking_liquidity_management Affected
v14.2.0
oracle banking_liquidity_management Affected
v14.3.0
oracle banking_liquidity_management Affected
v14.5.0
oracle blockchain_platform Affected
< 21.1.2

πŸ”— References 8

https://github.com/lodash/lodash/issues/4874
Issue Tracking Vendor Advisory
https://hackerone.com/reports/712065
Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20200724-0...
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-13465 πŸ”Ά medium 5.3 0.0 Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unsetΒ and _.omitΒ functions. An at... 2026-01-21
CVE-2026-21934 πŸ”Ά medium 5.4 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Push Notifications). Su... 2026-01-20
CVE-2026-21938 πŸ”Ά medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported vers... 2026-01-20
CVE-2026-21951 πŸ”Ά medium 6.1 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Su... 2026-01-20
CVE-2026-21946 πŸ”Ά medium 6.1 0.0 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supporte... 2026-01-20
CVE-2025-53048 πŸ”Ά medium 5.4 0.0 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supp... 2025-10-21
These CVEs affect the same products