Description
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
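The pattern described above, as an added example (not lodash's code and not part of the original advisory): a simplified recursive-defaults function that follows a constructor key up to Object.prototype, next to a variant that skips such keys and only descends into own properties. The function names, the `polluted` property and the sample input are constructed for illustration.

```javascript
// Simplified stand-ins for a deep-defaults merge; NOT lodash's implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Vulnerable pattern: target[key] resolves inherited properties, so the key
// "constructor" leads to the Object function and "prototype" to Object.prototype.
function naiveDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (isPlainObject(src)) {
      if (target[key] === undefined || target[key] === null) target[key] = {};
      naiveDefaultsDeep(target[key], src);
    } else if (target[key] === undefined) {
      target[key] = src;
    }
  }
  return target;
}

// Hardened pattern: skip prototype-related keys and recurse only into
// plain objects that the target owns itself.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(src)) {
      if (!own) target[key] = {};
      if (isPlainObject(target[key])) safeDefaultsDeep(target[key], src);
    } else if (!own) {
      target[key] = src;
    }
  }
  return target;
}

// Runs both variants on the same constructed input and reports whether a
// fresh, unrelated object picked up the property afterwards.
function demo() {
  const input = JSON.parse('{"constructor":{"prototype":{"polluted":true}}}');
  const safeResult = safeDefaultsDeep({}, input);
  const afterSafe = ({}).polluted;
  naiveDefaultsDeep({}, input);
  const afterNaive = ({}).polluted;
  delete Object.prototype.polluted; // restore the global prototype
  return { afterSafe, afterNaive, safeKeys: Object.keys(safeResult) };
}
```

The key filter is a defence in depth for code that merges untrusted objects; it does not replace moving to a lodash release that is not in the affected range.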
Remediation
References