CVEFinder.io

CVE-2019-10744

β›” critical
πŸ” Scan for this CVE
Summary

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

CVSS Score
9.1
Critical
EPSS Score
2.4
Exploit Probability
Published Date
2019-07-26
First Seen: 2026-01-05
πŸ“Š Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 317,883 vulnerabilities in our database.

#39,169
Top 25% most severe
Severity Percentile
Last Modified 2024-11-21
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE IDs (Weakness Types)
CWE-1321

πŸ“¦ Affected Products 79

Vendor Product Status Affected Versions
f5 big-ip_local_traffic_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_local_traffic_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_local_traffic_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_local_traffic_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_local_traffic_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_global_traffic_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_global_traffic_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_global_traffic_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_global_traffic_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_global_traffic_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_application_security_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_application_security_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_application_security_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_application_security_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_application_security_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_access_policy_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_access_policy_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_access_policy_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_access_policy_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_access_policy_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_edge_gateway Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_edge_gateway Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_edge_gateway Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_edge_gateway Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_edge_gateway Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_application_acceleration_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_application_acceleration_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_application_acceleration_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_application_acceleration_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_application_acceleration_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_advanced_firewall_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_advanced_firewall_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_advanced_firewall_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_advanced_firewall_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_advanced_firewall_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_analytics Affected
≥ 12.1.0 ≤ 12.1.5
f5 big-ip_analytics Affected
≥ 13.1.0 ≤ 13.1.3
f5 big-ip_analytics Affected
≥ 14.1.0 ≤ 14.1.2
f5 big-ip_analytics Affected
≥ 15.0.0 < 15.0.1.3
f5 big-ip_analytics Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_link_controller Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_link_controller Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_link_controller Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_link_controller Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_link_controller Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_policy_enforcement_manager Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_policy_enforcement_manager Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_policy_enforcement_manager Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_policy_enforcement_manager Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_policy_enforcement_manager Affected
≥ 15.1.0 < 15.1.0.2
f5 big-ip_webaccelerator Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_webaccelerator Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_webaccelerator Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_webaccelerator Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_webaccelerator Affected
≥ 15.1.0 < 15.1.0.2
f5 big-iq_centralized_management Affected
≥ 6.0.0 ≤ 6.1.0
f5 big-iq_centralized_management Affected
v5.4.0
f5 big-iq_centralized_management Affected
v7.0.0
f5 big-ip_domain_name_system Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_domain_name_system Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_domain_name_system Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_domain_name_system Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_domain_name_system Affected
≥ 15.1.0 < 15.1.0.2
netapp service_level_manager Affected
v-
redhat virtualization_manager Affected
v4.3
f5 big-ip_fraud_protection_service Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_fraud_protection_service Affected
≥ 13.1.0 < 13.1.3.4
f5 big-ip_fraud_protection_service Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_fraud_protection_service Affected
≥ 15.0.0 < 15.0.1.4
f5 big-ip_fraud_protection_service Affected
≥ 15.1.0 < 15.1.0.2
f5 iworkflow Affected
v2.3.0
lodash lodash Affected
< 4.17.12
netapp active_iq_unified_manager Affected
v-
oracle banking_extensibility_workbench Affected
v14.3.0
oracle banking_extensibility_workbench Affected
v14.4.0
f5 big-ip_application_visibility_and_reporting Affected
≥ 12.1.0 < 12.1.5.2
f5 big-ip_application_visibility_and_reporting Affected
≥ 13.1.0 ≤ 13.1.3
f5 big-ip_application_visibility_and_reporting Affected
≥ 14.1.0 < 14.1.2.5
f5 big-ip_application_visibility_and_reporting Affected
≥ 15.1.0 < 15.1.1

πŸ”— References 6

https://access.redhat.com/errata/RHSA-2019:3024
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0...
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-LODASH-450202
Exploit Third Party Advisory
https://support.f5.com/csp/article/K47105354?utm_sou...
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch Third Party Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-20732 ℹ️ low 3.1 0.1 A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error mes... 2026-02-04
CVE-2026-22548 πŸ”Ά medium 5.9 0.1 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with con... 2026-02-04
CVE-2026-20730 ℹ️ low 3.3 0.0 A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access ... 2026-02-04
CVE-2025-13465 πŸ”Ά medium 5.3 0.0 Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unsetΒ and _.omitΒ functions. An at... 2026-01-21
CVE-2025-46706 ⚠️ high 7.5 0.1 When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an ... 2025-10-15
CVE-2025-48008 ⚠️ high 7.5 0.1 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with ... 2025-10-15
These CVEs affect the same products