ADFC-Hamburg / adfc-t30-api

MIT License

Upgrade lodash to version 4.17.13 or later. #48

Closed tabacha closed 5 years ago

tabacha commented 5 years ago

Remediation

Upgrade lodash to version 4.17.13 or later. For example:

```json
"dependencies": { "lodash": ">=4.17.13" }
```

or

```json
"devDependencies": { "lodash": ">=4.17.13" }
```

Always verify the validity and compatibility of suggestions with your codebase.

Details

CVE-2019-10744 (more information)

Severity: critical
Vulnerable versions: < 4.17.13
Patched version: 4.17.13

Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.