CVE-2019-10744: Input Validation

First published: Wed Jul 10 2019(Updated: )

A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.

Credit: report@snyk.io report@snyk.io report@snyk.io

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-cve
• agent/type
• agent/first-publish-date
• agent/severity
• agent/references
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2019-10744
• agent/software-canonical-lookup
• agent/description
• agent/author
• agent/weakness
• agent/remedy
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-jf85-cpcp-j695
• collector/github-advisory
• collector/ibm-support
• source/IBM
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/event
• agent/trending
• agent/source
• agent/tags
• agent/softwarecombine
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-cve
• source/NVD
• collector/nvd-api
• package-manager/redhat
• package-manager/npm
• vendor/lodash
• canonical/lodash lodash node.js
• vendor/netapp
• canonical/netapp service level manager
• vendor/redhat
• canonical/red hat enterprise virtualization manager
• version/red hat enterprise virtualization manager/4.3
• vendor/oracle
• canonical/oracle banking extensibility workbench
• version/oracle banking extensibility workbench/14.3.0
• version/oracle banking extensibility workbench/14.4.0
• vendor/f5
• canonical/f5 access policy manager
• version/f5 access policy manager/12.1.0
• version/f5 access policy manager/13.1.0
• version/f5 access policy manager/14.1.0
• version/f5 access policy manager/15.0.0
• version/f5 access policy manager/15.1.0
• canonical/f5 big-ip advanced firewall manager
• version/f5 big-ip advanced firewall manager/12.1.0
• version/f5 big-ip advanced firewall manager/13.1.0
• version/f5 big-ip advanced firewall manager/14.1.0
• version/f5 big-ip advanced firewall manager/15.0.0
• version/f5 big-ip advanced firewall manager/15.1.0
• canonical/f5 big-ip analytics
• version/f5 big-ip analytics/12.1.0
• version/f5 big-ip analytics/12.1.5
• version/f5 big-ip analytics/13.1.0
• version/f5 big-ip analytics/13.1.3
• version/f5 big-ip analytics/14.1.0
• version/f5 big-ip analytics/14.1.2
• version/f5 big-ip analytics/15.0.0
• version/f5 big-ip analytics/15.1.0
• canonical/f5 big-ip application acceleration manager
• version/f5 big-ip application acceleration manager/12.1.0
• version/f5 big-ip application acceleration manager/13.1.0
• version/f5 big-ip application acceleration manager/14.1.0
• version/f5 big-ip application acceleration manager/15.0.0
• version/f5 big-ip application acceleration manager/15.1.0
• canonical/f5 application security manager
• version/f5 application security manager/12.1.0
• version/f5 application security manager/13.1.0
• version/f5 application security manager/14.1.0
• version/f5 application security manager/15.0.0
• version/f5 application security manager/15.1.0
• canonical/f5 big-ip application visibility and reporting
• version/f5 big-ip application visibility and reporting/12.1.0
• version/f5 big-ip application visibility and reporting/13.1.0
• version/f5 big-ip application visibility and reporting/13.1.3
• version/f5 big-ip application visibility and reporting/14.1.0
• version/f5 big-ip application visibility and reporting/15.1.0
• canonical/f5 big-ip domain name system
• version/f5 big-ip domain name system/12.1.0
• version/f5 big-ip domain name system/13.1.0
• version/f5 big-ip domain name system/14.1.0
• version/f5 big-ip domain name system/15.0.0
• version/f5 big-ip domain name system/15.1.0
• canonical/f5 big-ip edge gateway
• version/f5 big-ip edge gateway/12.1.0
• version/f5 big-ip edge gateway/13.1.0
• version/f5 big-ip edge gateway/14.1.0
• version/f5 big-ip edge gateway/15.0.0
• version/f5 big-ip edge gateway/15.1.0
• canonical/f5 big-ip fraud protection services
• version/f5 big-ip fraud protection services/12.1.0
• version/f5 big-ip fraud protection services/13.1.0
• version/f5 big-ip fraud protection services/14.1.0
• version/f5 big-ip fraud protection services/15.0.0
• version/f5 big-ip fraud protection services/15.1.0
• canonical/f5 big-ip global traffic manager
• version/f5 big-ip global traffic manager/12.1.0
• version/f5 big-ip global traffic manager/13.1.0
• version/f5 big-ip global traffic manager/14.1.0
• version/f5 big-ip global traffic manager/15.0.0
• version/f5 big-ip global traffic manager/15.1.0
• canonical/f5 big-ip
• version/f5 big-ip/12.1.0
• version/f5 big-ip/13.1.0
• version/f5 big-ip/14.1.0
• version/f5 big-ip/15.0.0
• version/f5 big-ip/15.1.0
• canonical/f5 big-ip local traffic manager
• version/f5 big-ip local traffic manager/12.1.0
• version/f5 big-ip local traffic manager/13.1.0
• version/f5 big-ip local traffic manager/14.1.0
• version/f5 big-ip local traffic manager/15.0.0
• version/f5 big-ip local traffic manager/15.1.0
• canonical/f5 big-ip policy enforcement manager
• version/f5 big-ip policy enforcement manager/12.1.0
• version/f5 big-ip policy enforcement manager/13.1.0
• version/f5 big-ip policy enforcement manager/14.1.0
• version/f5 big-ip policy enforcement manager/15.0.0
• version/f5 big-ip policy enforcement manager/15.1.0
• canonical/f5 big-ip webaccelerator
• version/f5 big-ip webaccelerator/12.1.0
• version/f5 big-ip webaccelerator/13.1.0
• version/f5 big-ip webaccelerator/14.1.0
• version/f5 big-ip webaccelerator/15.0.0
• version/f5 big-ip webaccelerator/15.1.0
• canonical/f5 big-ip and big-iq centralized management
• version/f5 big-ip and big-iq centralized management/6.0.0
• version/f5 big-ip and big-iq centralized management/6.1.0
• version/f5 big-ip and big-iq centralized management/5.4.0
• version/f5 big-ip and big-iq centralized management/7.0.0
• canonical/f5 iworkflow
• version/f5 iworkflow/2.3.0
• canonical/netapp active iq unified manager
• canonical/netapp active iq unified manager for vmware vsphere
• canonical/netapp active iq unified manager windows