CVE-2020-8203 – WordPress Core < 5.8.1 - LoDash Update

https://notcve.org/view.php?id=CVE-2020-8203

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. Un ataque de contaminación de prototipo cuando se utiliza _.zipObjectDeep en lodash versiones anteriores a 4.17.20 A flaw was found in nodejs-lodash in versions 4.17.15 and earlier. A prototype pollution attack is possible which can lead to arbitrary code execution. The primary threat from this vulnerability is to data integrity and system availability. WordPress Core is vulnerable to prototype pollution in various versions less than 5.8.1 due to a vulnerability in the LoDash component which is identified as CVE-2020-8203. • https://github.com/ossf-cve-benchmark/CVE-2020-8203 https://github.com/lodash/lodash/issues/4874 https://hackerone.com/reports/712065 https://security.netapp.com/advisory/ntap-20200724-0006 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat. • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-770: Allocation of Resources Without Limits or Throttling CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •