VYPR
Critical severityNVD Advisory· Published Jul 25, 2019· Updated Aug 4, 2024

CVE-2019-10744

CVE-2019-10744

Description

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lodashnpm
< 4.17.124.17.12
lodash-esnpm
< 4.17.144.17.14
lodash-amdnpm
< 4.17.134.17.13
lodash.defaultsdeepnpm
< 4.6.14.6.1
lodash-railsRubyGems
< 4.17.124.17.12

Affected products

6

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.