Sign In

CVE-2019-10744

ADVISORY - github

Summary

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.17.12 or later.

EPSS Score: 0.0341 (0.869)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

ADVISORY - github

CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-20

Improper Input Validation

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-20

Improper Input Validation

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2019-10744
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1321

CVSS SCORE

9.1critical

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-jf85-cpcp-j695
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1321CWE-20

CVSS SCORE

9.1critical

Debian

CREATED

UPDATED

ADVISORY IDCVE-2019-10744
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2019-10744
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.1medium

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2019-10744

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-937

CVSS SCORE

9.1critical

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2019-10744
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

9.1high

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2019-10744
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY