Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

CVSS v3:

  • Severity: Critical
  • Score: 9.1
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

Software From Fixed in
lodash / lodash - 4.17.12
redhat / virtualization_manager 4.3 4.3.x
oracle / banking_extensibility_workbench 14.4.0 14.4.0.x
oracle / banking_extensibility_workbench 14.3.0 14.3.0.x
f5 / big-iq_centralized_management 6.0.0 6.1.0.x
f5 / iworkflow 2.3.0 2.3.0.x
f5 / big-iq_centralized_management 7.0.0 7.0.0.x
f5 / big-ip_analytics 12.1.0 12.1.5.x
f5 / big-ip_analytics 13.1.0 13.1.3.x
f5 / big-ip_analytics 14.1.0 14.1.2.x
f5 / big-ip_local_traffic_manager 15.1.0 15.1.0.2
f5 / big-ip_application_acceleration_manager 15.1.0 15.1.0.2
f5 / big-ip_advanced_firewall_manager 15.1.0 15.1.0.2
f5 / big-ip_analytics 15.1.0 15.1.0.2
f5 / big-ip_analytics 15.0.0 15.0.1.3
f5 / big-ip_access_policy_manager 15.1.0 15.1.0.2
f5 / big-ip_application_security_manager 15.1.0 15.1.0.2
f5 / big-ip_domain_name_system 15.1.0 15.1.0.2
f5 / big-ip_fraud_protection_service 15.1.0 15.1.0.2
f5 / big-ip_global_traffic_manager 15.1.0 15.1.0.2
f5 / big-ip_link_controller 15.1.0 15.1.0.2
f5 / big-ip_policy_enforcement_manager 15.1.0 15.1.0.2
f5 / big-ip_access_policy_manager 12.1.0 12.1.5.2
f5 / big-ip_access_policy_manager 13.1.0 13.1.3.4
f5 / big-ip_advanced_firewall_manager 12.1.0 12.1.5.2
f5 / big-ip_advanced_firewall_manager 13.1.0 13.1.3.4
f5 / big-ip_advanced_firewall_manager 15.0.0 15.0.1.4
f5 / big-ip_application_acceleration_manager 12.1.0 12.1.5.2
f5 / big-ip_application_acceleration_manager 13.1.0 13.1.3.4
f5 / big-ip_application_acceleration_manager 15.0.0 15.0.1.4
f5 / big-ip_application_security_manager 12.1.0 12.1.5.2
f5 / big-ip_application_security_manager 13.1.0 13.1.3.4
f5 / big-ip_application_security_manager 15.0.0 15.0.1.4
f5 / big-ip_domain_name_system 12.1.0 12.1.5.2
f5 / big-ip_domain_name_system 13.1.0 13.1.3.4
f5 / big-ip_domain_name_system 15.0.0 15.0.1.4
f5 / big-ip_fraud_protection_service 12.1.0 12.1.5.2
f5 / big-ip_fraud_protection_service 13.1.0 13.1.3.4
f5 / big-ip_fraud_protection_service 15.0.0 15.0.1.4
f5 / big-ip_global_traffic_manager 12.1.0 12.1.5.2
f5 / big-ip_global_traffic_manager 13.1.0 13.1.3.4
f5 / big-ip_global_traffic_manager 15.0.0 15.0.1.4
f5 / big-ip_link_controller 12.1.0 12.1.5.2
f5 / big-ip_link_controller 13.1.0 13.1.3.4
f5 / big-ip_link_controller 15.0.0 15.0.1.4
f5 / big-ip_local_traffic_manager 12.1.0 12.1.5.2
f5 / big-ip_local_traffic_manager 13.1.0 13.1.3.4
f5 / big-ip_local_traffic_manager 15.0.0 15.0.1.4
f5 / big-ip_policy_enforcement_manager 12.1.0 12.1.5.2
f5 / big-ip_policy_enforcement_manager 13.1.0 13.1.3.4
f5 / big-ip_policy_enforcement_manager 15.0.0 15.0.1.4
f5 / big-ip_local_traffic_manager 14.1.0 14.1.2.5
f5 / big-ip_application_acceleration_manager 14.1.0 14.1.2.5
f5 / big-ip_advanced_firewall_manager 14.1.0 14.1.2.5
f5 / big-ip_access_policy_manager 15.0.0 15.0.1.4
f5 / big-ip_access_policy_manager 14.1.0 14.1.2.5
f5 / big-ip_application_security_manager 14.1.0 14.1.2.5
f5 / big-ip_domain_name_system 14.1.0 14.1.2.5
f5 / big-ip_fraud_protection_service 14.1.0 14.1.2.5
f5 / big-ip_global_traffic_manager 14.1.0 14.1.2.5
f5 / big-ip_link_controller 14.1.0 14.1.2.5
f5 / big-ip_policy_enforcement_manager 14.1.0 14.1.2.5
f5 / big-ip_edge_gateway 12.1.0 12.1.5.2
f5 / big-ip_edge_gateway 15.0.0 15.0.1.4
f5 / big-ip_edge_gateway 13.1.0 13.1.3.4
f5 / big-ip_webaccelerator 12.1.0 12.1.5.2
f5 / big-ip_webaccelerator 15.0.0 15.0.1.4
f5 / big-ip_webaccelerator 13.1.0 13.1.3.4
f5 / big-iq_centralized_management 5.4.0 5.4.0.x
f5 / big-ip_edge_gateway 15.1.0 15.1.0.2
f5 / big-ip_edge_gateway 14.1.0 14.1.2.5
f5 / big-ip_webaccelerator 15.1.0 15.1.0.2
f5 / big-ip_webaccelerator 14.1.0 14.1.2.5
f5 / big-ip_application_visibility_and_reporting 15.1.0 15.1.1
f5 / big-ip_application_visibility_and_reporting 14.1.0 14.1.2.5
f5 / big-ip_application_visibility_and_reporting 13.1.0 13.1.3.x
f5 / big-ip_application_visibility_and_reporting 12.1.0 12.1.5.2
Node.js icon lodash - 4.17.12
Node.js icon lodash / lodash-es - 4.17.14
Node.js icon lodash-amd - 4.17.13
Node.js icon lodash / lodash.template - 4.5.0
Node.js icon lodash.merge - 4.6.2
Node.js icon lodash.mergewith - 4.6.2
Node.js icon lodash.defaultsdeep - 4.6.1