{"containers": {"cna": {"affected": [{"product": "lodash", "vendor": "Snyk", "versions": [{"status": "affected", "version": "All versions prior to 4.17.12"}]}], "descriptions": [{"lang": "en", "value": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload."}], "problemTypes": [{"descriptions": [{"description": "Prototype Pollution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T14:42:00", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"name": "RHSA-2019:3024", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://snyk.io/vuln/SNYK-JS-LODASH-450202"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191004-0005/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2019-10744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "lodash", "version": {"version_data": [{"version_value": "All versions prior to 4.17.12"}]}}]}, "vendor_name": "Snyk"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Prototype Pollution"}]}]}, "references": {"reference_data": [{"name": "RHSA-2019:3024", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://snyk.io/vuln/SNYK-JS-LODASH-450202", "refsource": "CONFIRM", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-450202"}, {"name": "https://security.netapp.com/advisory/ntap-20191004-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191004-0005/"}, {"name": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:32:01.271Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2019:3024", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-LODASH-450202"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191004-0005/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2019-10744", "datePublished": "2019-07-25T23:43:03", "dateReserved": "2019-04-03T00:00:00", "dateUpdated": "2024-08-04T22:32:01.271Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "5C21E48F-F34A-4124-9EF1-C106EB3B2209", "versionEndExcluding": "4.17.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EABAFD73-150F-4DFE-B721-29EB4475D979", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE57039D-E2EE-4014-A7B1-D7380D26098E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE0532FA-7B7B-46B3-AB10-0920034A7E43", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "592327AA-BCC4-4CD0-82C6-EA739F049E82", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2980BE62-6B8C-4E2A-B4EF-38A23E1CCD21", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9170095-A9BB-4D24-9925-39256D7CE2C6", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "56414352-0A79-4ED2-B670-D7CC9508FA9D", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B3DCE49-C37D-4951-AB57-7CDDEBA1C1E5", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DD78D19-D17E-45EC-98C7-74D086AE68AA", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "322E6570-185C-4413-A7CE-674CBAE95D05", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B59E16D-7645-492A-9C1D-A8724FFCA28F", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BA6818C-DCCE-4347-935A-CE6BA0014CDE", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22", "versionEndIncluding": "12.1.5", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC8FD5C-AE1A-4484-BB6F-EBB6A48D21F8", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC15881B-9C49-4E77-9FB6-A6E60D0BCAD3", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "D29F60E2-E39D-46E8-935E-8E0A0D32E262", "versionEndExcluding": "15.0.1.3", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "F302F7BC-A08A-4DB3-A257-699C7DBDCAB0", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3F7911-FB00-4612-9109-9E7A407BC7B7", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B547F46F-5563-4E7F-8B69-3D25C6C58521", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "78753BD2-6631-459D-AD89-0FE2C0F3FDD5", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "997D12F1-098D-4C42-A6A2-B4F59AC78F0F", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "45920B7E-10A6-4066-87AB-60D584689891", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "91BF72A9-EB50-4315-B956-5926967DCC46", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AEE0B76-3F8E-420A-9589-BF3FDB942DEB", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA9E370F-2A37-4612-91DD-2B1FD7EECCE7", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6C4B56F-D022-4268-9D78-6E4D12AE9215", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "53CA3EC2-CE36-4388-A7A9-4311AD80A8B2", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "5043F299-FEE6-4878-8616-D2976FAC2BDF", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "E59859F8-3BF6-4BE3-8E4B-DF3B68303B22", "versionEndIncluding": "13.1.3", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "024C7911-8C97-4A94-8F0B-18BE2109A499", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E14CCF2-E795-4763-A560-2C54C55619BE", "versionEndExcluding": "15.1.1", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "73EC8EDA-669A-4750-934F-3B3FBF557080", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7917031-0735-483C-A8DA-11430056D568", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E10BF5A-2BD0-4791-B842-358968AFC9E6", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAFC0D83-7F64-44F2-A014-37DE3CAF846A", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6419B4B3-DE7A-4B72-BFFC-6C646AC07BB7", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C3C6E77-BB41-48AA-AFEA-8C6F18BE7025", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "156F3B54-1827-4048-AACD-835092853943", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "206B46BD-846A-493C-BC83-531E6CD45F5A", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC1CC599-DA9C-46BD-9C5C-FD25D57AE9D6", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "C00CAEFA-C255-4C0B-8DE1-12686EC7D09B", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0581EEF-98E6-4961-8178-BA2D7647F931", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFC5C221-AE58-4580-876A-E5FD7970A695", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "27A9FAF9-7198-41FD-B093-AE11DD5AD67B", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "920BC3DD-A1D4-403B-83D2-00636C20FFC0", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BDD592C-6DBC-4A35-8483-ACC471FF92E3", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "32773569-67FE-4F08-A613-E507FCDEACEF", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "463AA399-492A-4DB6-BFD1-31725012AE8F", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "94F1100B-0EE4-41A7-AD34-336D4335751D", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C8BE4A-DED6-451A-B6EE-AC95DD26F85A", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3087972-862F-4A0D-9D9D-38BAB9D383F4", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4494F771-4026-478C-8004-B162653DC80C", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "98314370-E3C8-4CB5-9F48-57004EB96D8F", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "929E75AD-5DC4-4992-A589-BA4516BC38FA", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEC0E30F-6550-4BC9-8DA7-6BD495DBF415", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "45641A58-0B5B-48C6-B0A3-0822A86A00AC", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97489DC-A5DE-48AD-BBA2-F9078070F53A", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBF128B7-874B-4E3A-B52F-1C2DE34F64A9", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "50AB72FA-552D-4B37-9C58-B4AB3B7B989A", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5D90F4A-FA2A-412F-8591-D1CA6399ECAD", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B5F9367-89D5-4D7D-A0FE-6C289E0A606C", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EDB944B-DF60-45AF-AD60-33E9667E0D12", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "20C58940-C7A3-47A9-8C9E-7B652E4F4750", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA5A4B1B-F4F0-4053-8756-2C84AA885060", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAD2867D-D646-4B01-A383-6A47B51D059E", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7C50229-3A95-4AA8-A720-4D35FF482DC3", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "02CB8916-A9ED-4935-BFBD-5C9E8D45379E", "versionEndExcluding": "12.1.5.2", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "5853A161-2F92-4298-A70A-03A66DED157C", "versionEndExcluding": "13.1.3.4", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "A86EF843-B0CB-4FB0-9E0A-51F7DD3BD44B", "versionEndExcluding": "14.1.2.5", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "126DC4FA-E5EB-43E1-83F9-19F29E852E03", "versionEndExcluding": "15.0.1.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "0064DE79-D6D6-4AE0-BF10-BF91FF9158DF", "versionEndExcluding": "15.1.0.2", "versionStartIncluding": "15.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5C1DACF-0562-4A41-A9EC-60D1DC065007", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B589C35-55F2-4D40-B5A6-8267EE20D627", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3CE7526-9630-48EF-81FB-44904AF0653F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload."}, {"lang": "es", "value": "Las versiones de lodash inferiores a 4.17.12, son vulnerables a la Contaminaci\u00f3n de Prototipo. La funci\u00f3n defaultsDeep podr\u00eda ser enga\u00f1ada para agregar o modificar las propiedades de Object.prototype usando una carga \u00fatil de constructor."}], "id": "CVE-2019-10744", "lastModified": "2024-11-21T04:19:50.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-26T00:15:11.217", "references": [{"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191004-0005/"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-LODASH-450202"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191004-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-LODASH-450202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K47105354?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2819", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "moderate", "package": "distributed-tracing/jaeger-all-in-one-rhel7:1.17.2-3", "product_name": "Jaeger-1.17", "release_date": "2020-07-06T00:00:00Z"}, {"advisory": "RHSA-2020:2819", "cpe": "cpe:/a:redhat:jaeger:1.17::el7", "impact": "moderate", "package": "distributed-tracing/jaeger-query-rhel7:1.17.2-3", "product_name": "Jaeger-1.17", "release_date": "2020-07-06T00:00:00Z"}, {"advisory": "RHSA-2020:2362", "cpe": "cpe:/a:redhat:service_mesh:1.0::el7", "impact": "moderate", "package": "jaeger-0:v1.13.1.redhat7-1.el7", "product_name": "Openshift Service Mesh 1.0", "release_date": "2020-06-02T00:00:00Z"}, {"advisory": "RHSA-2020:2362", "cpe": "cpe:/a:redhat:service_mesh:1.0::el7", "impact": "moderate", "package": "kiali-0:v1.0.11.redhat1-1.el7", "product_name": "Openshift Service Mesh 1.0", "release_date": "2020-06-02T00:00:00Z"}, {"advisory": "RHSA-2020:2362", "cpe": "cpe:/a:redhat:service_mesh:1.0::el8", "impact": "moderate", "package": "servicemesh-grafana-0:6.2.2-36.el8", "product_name": "OpenShift Service Mesh 1.0", "release_date": "2020-06-02T00:00:00Z"}, {"advisory": "RHSA-2022:5101", "cpe": "cpe:/a:redhat:amq_broker:7", "impact": "low", "package": "nodejs-lodash", "product_name": "Red Hat AMQ 7.10.0", "release_date": "2022-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:5134", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "low", "package": "nodejs-lodash", "product_name": "Red Hat Fuse 7.10", "release_date": "2021-12-14T00:00:00Z"}, {"advisory": "RHSA-2019:3024", "cpe": "cpe:/a:redhat:rhev_manager:4.3", "impact": "moderate", "package": "ovirt-web-ui-0:1.6.0-1.el7ev", "product_name": "Red Hat Virtualization Engine 4.3", "release_date": "2019-10-10T00:00:00Z"}], "bugzilla": {"description": "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties", "id": "1739497", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739497"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.", "A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences."], "name": "CVE-2019-10744", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "impact": "moderate", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "nodejs-lodash", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "moderate", "package_name": "openshift3/ose-logging-kibana5", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Fix deferred", "impact": "moderate", "package_name": "nodejs-lodash", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "moderate", "package_name": "logging-kibana5-container", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "impact": "moderate", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs10-nodejs", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs8-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2019-08-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10744\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10744"], "statement": "The lodash dependency is included in OpenShift Container Platform (OCP) by Kibana in the aggregated logging stack. Elastic have issued a security advisory (ESA-2019-10) for Kibana for this vulnerability, and in that advisory stated that no exploit vectors had been identified in Kibana. Therefore we rate this issue as moderate for OCP and may fix this issue in a future release.\nhttps://www.elastic.co/community/security\nThis issue did not affect the versions of rh-nodejs8-nodejs and rh-nodejs10-nodejs as shipped with Red Hat Software Collections.\nWhilst a vulnerable version of lodash has been included in ServiceMesh, the impact is lowered to Moderate due to the library not being directly accessible increasing the attack complexity and the fact that the attacker would need some existing access - meaning the vulnerability is not crossing a privilege boundary.\nRed Hat Quay imports lodash as a runtime dependency of restangular. The restangular function in use by Red Hat Quay do not use lodash to parse user input. This issue therefore rated moderate impact for Red Hat Quay.", "threat_severity": "Important"}

{}