← Back to CVE List
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt