Open
Description
CVES CVE-2019-10744
CWE CWE-471
References: - Snyk Advisory
Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.
@heapwolf @datcxx
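
The following is an added example, not part of the original issue and not lodash's source. It is a regression check for the `{constructor: {prototype: {...}}}` pattern described above, run against a constructed unfiltered deep-defaults merge and a hardened one. `naiveDefaultsDeep`, `safeDefaultsDeep`, `pollutesObjectPrototype` and the marker name are hypothetical names chosen for illustration.

```javascript
// Added example. naiveDefaultsDeep is a constructed stand-in, NOT lodash's code.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && (typeof v === 'object' || typeof v === 'function');

// No key filtering: recursion follows the inherited target.constructor (Object)
// and then Object.prototype, so the write lands on the shared prototype.
function naiveDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (isObj(src) && isObj(target[key])) naiveDefaultsDeep(target[key], src);
    else if (target[key] === undefined) target[key] = src;
  }
  return target;
}

// Hardened: skip prototype-reaching keys and only recurse into OWN properties.
// Blocking "constructor" outright is a blunt, assumed policy for this example.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED.has(key)) continue;
    const src = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (isObj(src) && own && isObj(target[key])) safeDefaultsDeep(target[key], src);
    else if (!own || target[key] === undefined) target[key] = src;
  }
  return target;
}

// Regression check: true if mergeFn lets untrusted input reach Object.prototype.
// The probe property is removed again so the check leaves no residue.
function pollutesObjectPrototype(mergeFn) {
  const marker = 'pp_probe_marker'; // constructed property name
  const payload = JSON.parse(`{"constructor":{"prototype":{"${marker}":true}}}`);
  try {
    mergeFn({}, payload);
    return ({})[marker] === true; // a fresh object should never see the marker
  } finally {
    delete Object.prototype[marker];
  }
}

console.log('naive merge pollutes:', pollutesObjectPrototype(naiveDefaultsDeep));
console.log('safe merge pollutes: ', pollutesObjectPrototype(safeDefaultsDeep));
```

The same `pollutesObjectPrototype` check can be pointed at any two-argument merge function in a dependency test suite to confirm a patched version is installed.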