Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lodash lodash |
||
netapp service level manager - |
||
netapp active iq unified manager - |
||
redhat virtualization manager 4.3 |
||
oracle banking extensibility workbench 14.4.0 |
||
oracle banking extensibility workbench 14.3.0 |
||
f5 big-iq centralized management |
||
f5 iworkflow 2.3.0 |
||
f5 big-iq centralized management 7.0.0 |
||
f5 big-ip analytics |
||
f5 big-ip local traffic manager |
||
f5 big-ip application acceleration manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip access policy manager |
||
f5 big-ip application security manager |
||
f5 big-ip domain name system |
||
f5 big-ip fraud protection service |
||
f5 big-ip global traffic manager |
||
f5 big-ip link controller |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip edge gateway |
||
f5 big-ip webaccelerator |
||
f5 big-iq centralized management 5.4.0 |
||
f5 big-ip application visibility and reporting |