Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2019-07-25T23:43:03

Updated: 2024-08-04T22:32:01.271Z

Reserved: 2019-04-03T00:00:00

Link: CVE-2019-10744

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-07-26T00:15:11.217

Modified: 2024-01-21T02:45:24.433

Link: CVE-2019-10744

cve-icon Redhat

Severity : Important

Publid Date: 2019-08-09T00:00:00Z

Links: CVE-2019-10744 - Bugzilla