Underscore

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-27601 HIGH POC PATCH This Week

Unbounded recursion in Underscore.js versions before 1.13.8 enables denial of service attacks when the _.flatten or _.isEqual functions process deeply nested untrusted data structures. An attacker can trigger stack overflow conditions by supplying specially crafted recursive input, causing affected applications to crash. Public exploit code exists for this vulnerability, and patches are available.

Stack Overflow Denial Of Service Underscore Redhat Suse

NVD GitHub

CVSS 3.1

7.5

EPSS

0.0%

CVE-2026-27601

EPSS 0% CVSS 7.5

HIGH POC PATCH This Week

Unbounded recursion in Underscore.js versions before 1.13.8 enables denial of service attacks when the _.flatten or _.isEqual functions process deeply nested untrusted data structures. An attacker can trigger stack overflow conditions by supplying specially crafted recursive input, causing affected applications to crash. Public exploit code exists for this vulnerability, and patches are available.

Stack Overflow Denial Of Service Underscore +2

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy