1065:lodash:Prototype Pollution #2

Open
@heapwolf

CVEs: CVE-2019-10744
CWE: CWE-471
References: Snyk Advisory

Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.

@heapwolf @datcxx
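A defensive sketch for the issue described above, added here as an example and not taken from lodash or from this repository: a deep-defaults helper that never follows the keys used to reach `Object.prototype`, and a scanner that flags those keys in parsed input before any merge runs. The names `safeDefaultsDeep`, `findPollutionPaths` and `BLOCKED_KEYS` are hypothetical, and blocking `constructor` and `prototype` outright is a deliberately conservative assumption.

```javascript
// Added example (not lodash code). All names here are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Copy properties missing from `target` out of `source`, recursing into
// nested objects but never descending through a blocked key.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    const missing =
      !Object.prototype.hasOwnProperty.call(target, key) ||
      target[key] === undefined;
    if (isPlainObject(value)) {
      if (missing) target[key] = {};
      if (isPlainObject(target[key])) safeDefaultsDeep(target[key], value);
    } else if (missing) {
      target[key] = value;
    }
  }
  return target;
}

// Return the dotted paths of blocked keys found in parsed input, so a
// request can be logged or rejected before it reaches a merge function.
function findPollutionPaths(input, path = []) {
  if (!isPlainObject(input) && !Array.isArray(input)) return [];
  const hits = [];
  for (const key of Object.keys(input)) {
    const here = path.concat(key);
    if (BLOCKED_KEYS.has(key)) hits.push(here.join('.'));
    else hits.push(...findPollutionPaths(input[key], here));
  }
  return hits;
}

// Constructed sample input using the shape quoted in the description.
const untrusted = JSON.parse(
  '{"theme":{"color":"red"},"constructor":{"prototype":{"polluted":true}}}'
);
const merged = safeDefaultsDeep({ theme: { size: 2 } }, untrusted);
console.log(merged, findPollutionPaths(untrusted), {}.polluted);
```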
