Open
Description
CVES CVE-2019-10744
CWE CWE-471
References: - Snyk Advisory
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.
@heapwolf @datcxx