CVEFinder.io

CVE-2019-10744

⛔ critical
🔍 Scan for this CVE
Summary

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

CVSS Score
9.1
Critical
EPSS Score
2.4
Exploit Probability
Published Date
2019-07-26
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 335,187 vulnerabilities in our database.

#41,089
Top 25% most severe
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 79

🔗 References 6

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-40699 🔶 medium 6.5 0.3 A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-privileged authenticat... 2026-05-13
CVE-2026-40703 🔶 medium 5.4 0.1 A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility.  Note: S... 2026-05-13
CVE-2026-41217 ⚠️ high 7.9 0.1 A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with ... 2026-05-13
CVE-2026-41218 ⚠️ high 7.5 0.3 When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIF... 2026-05-13
CVE-2026-41219 🔶 medium 6.5 0.3 An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read... 2026-05-13
CVE-2026-41225 ⛔ critical 9.1 0.3 A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role... 2026-05-13
These CVEs affect the same products