CVE-2019-10744

Published: 26/07/2019 Updated: 21/01/2024
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 572
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
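The defensive counterpart to the behaviour described above, as an added example that is not lodash's own code: a deep-defaults merge that refuses the keys a prototype-pollution payload relies on, and a probe that confirms Object.prototype stayed clean after merging untrusted JSON. The payload string is constructed here for illustration.

```javascript
// Keys through which a recursive merge could reach Object.prototype.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Fills in `source` values for keys missing from `target`, recursing into
// nested plain objects, while skipping keys that could alter the prototype chain.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue; // drop pollution vectors outright
    const src = source[key];
    if (isPlainObject(src)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      safeDefaultsDeep(target[key], src);
    } else if (!hasOwn(target, key)) {
      target[key] = src;
    }
  }
  return target;
}

// JSON.parse creates ordinary own properties named "constructor" or
// "__proto__", so Object.keys() alone does not protect a merge; the key
// filter above is what keeps the prototype untouched.
function mergeUntrustedConfig(json) {
  return safeDefaultsDeep({}, JSON.parse(json));
}

// Constructed input of the shape the advisory describes: a nested object under
// "constructor" -> "prototype" that a naive recursive merge would write into Object.prototype.
const CONSTRUCTED_PAYLOAD = '{"constructor":{"prototype":{"polluted":"yes"}},"port":8080}';

// Returns true if a fresh object inherits `probe`, i.e. Object.prototype was modified.
function prototypePolluted(probe) {
  return ({})[probe] !== undefined;
}
```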

Vulnerable Products

lodash lodash

netapp service level manager -

netapp active iq unified manager -

redhat virtualization manager 4.3

oracle banking extensibility workbench 14.4.0

oracle banking extensibility workbench 14.3.0

f5 big-iq centralized management

f5 iworkflow 2.3.0

f5 big-iq centralized management 7.0.0

f5 big-ip analytics

f5 big-ip local traffic manager

f5 big-ip application acceleration manager

f5 big-ip advanced firewall manager

f5 big-ip access policy manager

f5 big-ip application security manager

f5 big-ip domain name system

f5 big-ip fraud protection service

f5 big-ip global traffic manager

f5 big-ip link controller

f5 big-ip policy enforcement manager

f5 big-ip edge gateway

f5 big-ip webaccelerator

f5 big-iq centralized management 5.4.0

f5 big-ip application visibility and reporting

Vendor Advisories

Debian Bug report logs - #933079 node-lodash: CVE-2019-10744 Package: src:node-lodash; Maintainer for src:node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 26 Jul 2019 13:30:05 UTC Severity: important Tags: sec ...
Synopsis Moderate: Red Hat OpenShift Service Mesh security update Type/Severity Security Advisory: Moderate Topic An update for jaeger, kiali, and servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...
Synopsis Important: Red Hat AMQ Broker 7100 release and security update Type/Severity Security Advisory: Important Topic Red Hat AMQ Broker 7100 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Moderate: ovirt-web-ui security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...
Impact: Important Public Date: 2019-08-09 CWE: CWE-20 Bugzilla: 1739497: CVE-2019-10744 nodejs-lodash: ...

Github Repositories

Parses, summarizes, and prints "npm audit" json output to markdown for nVision reports

npm-deps-parser Parses, summarizes, and prints "npm audit" json output to markdown Because neither making sense out of npm audit nor manually writing markdown tables is fun Caveats Will need to parse the CSV rating or get it from an api Usage The fastest way to use the parser is to pass the npm audit --json output as stdin To do so run the following from the folde

Convert a preformatted CSV file to multiple valid localization files

Archive project with security advisory in dependencies This project has not been used for a long time and is not currently maintained There are 2 security issues in dependencies: csv-parse CVE-2019-17592 lodash CVE-2019-1010266 CVE-2019-10744 CVE-2018-16487 CsvToL10nJson Convert a preformatted CSV file to multiple valid localization files This module converts a single CSV file

A CQL query builder written in the spirit of Knex.js

CassanKnex A fully tested Apache Cassandra CQL query builder with support for the DataStax NodeJS driver, written in the spirit of Knex for CQL 3.x Installation npm install cassanknex Index Why CassanKnex Usage Generating Queries Executing Queries Bring Your Own Driver Quick Start Debugging Queries Query Executors (Examples) exec each

js-security-updates-nolock Behavior without a package-lock.json With a suggested min version - no dependabot alert with an exact vulnerable version - dependabot alert PR for CVE-2019-10744 advisory (and others): #1

A string utility package for caseless comparison of strings and object property retrieval and transformation

casefold The idea for this package came from Python's str.casefold function, which allows strings to be compared without regard to casing This package also auto-trims whitespace when comparing values, in most cases Important Notes This package was part of a larger project related to object transformation, so some functionality may not be as sensible for a standalone pac

SecBench.js: An Executable Security Benchmark Suite for Server-Side JavaScript This repository contains the data files, scripts, and code of the SecBench.js benchmark Introduction SecBench.js is the first benchmark suite of server-side JavaScript vulnerabilities This benchmark consists of 600 publicly reported vulnerabilities curated from different advisory databases, such as