Lucene search
K

54 matches found

OSV
OSV
added 2019/07/26 12:15 a.m.56 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.1CVSS9.1AI score
Exploits0References6
OSV
OSV
added 2019/07/26 12:15 a.m.3 views

DEBIAN-CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.1CVSS9.3AI score0.05006EPSS
Exploits2References1
Prion
Prion
added 2019/07/26 12:15 a.m.33 views

Design/Logic Flaw

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

6.4CVSS8.9AI score0.05006EPSS
Exploits2References6Affected Software19
OSV
OSV
added 2019/07/26 12:15 a.m.4 views

UBUNTU-CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.8CVSS6.7AI score0.05006EPSS
Exploits2References5
Cvelist
Cvelist
added 2019/07/25 11:43 p.m.38 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.1AI score0.05006EPSS
Exploits2References6
Debian CVE
Debian CVE
added 2019/07/25 11:43 p.m.35 views

CVE-2019-10744

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.1CVSS7.1AI score0.05006EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2019/07/04 12:0 a.m.6 views

PT-2019-2936

Name of the Vulnerable Software and Affected Versions lodash versions prior to 4.17.12 Description The issue is related to the defaultsDeep function in the lodash library, which can be tricked into adding or modifying properties of Object.prototype using a constructor payload. This is due to...

9.1CVSS7.2AI score0.05006EPSS
Exploits2References28
Veracode
Veracode
added 2019/06/21 1:2 a.m.29 views

Prototype Pollution

mixin-deep is vulnerable to prototype pollution. The vulnerability exists as properties of Object.prototype could be added through a constructor payload...

9.8CVSS9AI score0.03508EPSS
Exploits1References7Affected Software2
Snyk
Snyk
added 2019/06/19 11:45 a.m.6 views

Prototype Pollution

Overview lodash is an utility library delivering consistency, modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.1CVSS8.3AI score0.05006EPSS
Exploits2References3
Snyk
Snyk
added 2019/06/19 11:45 a.m.8 views

Prototype Pollution

Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor...

9.1CVSS8.3AI score0.05006EPSS
Exploits2References3
Snyk
Snyk
added 2019/06/19 11:45 a.m.6 views

Prototype Pollution

Overview @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor...

9.1CVSS8.3AI score0.05006EPSS
Exploits2References3
Snyk
Snyk
added 2019/06/19 9:38 a.m.5 views

Prototype Pollution

Overview set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. The function set-value could be tricked into adding or modifying properties of Object.prototype using any of...

9.8CVSS6.7AI score0.02475EPSS
Exploits1References3
Snyk
Snyk
added 2019/06/19 9:34 a.m.1 views

Prototype Pollution

Overview mixin-deep is a package that deeply mixes the properties of objects into the first object. Affected versions of this package are vulnerable to Prototype Pollution. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...

9.8CVSS9AI score0.03508EPSS
Exploits1References3
Snyk
Snyk
added 2019/06/19 9:28 a.m.1 views

Prototype Pollution

Overview assign-deep is a library for deeply assigning the values of all enumerable-own-properties and symbols from one or more source objects to a target object. Affected versions of this package are vulnerable to Prototype Pollution. The function assign-deep could be tricked into adding or...

7.5CVSS6.8AI score0.01142EPSS
Exploits1References3
Rows per page
Query Builder