CVE-2019-10744 (banking_extensibility_workbench, big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_application_visibility_and_reporting, big-ip_domain_name_system, big-ip_edge_gateway, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager, big-ip_webaccelerator, big-iq_centralized_management, iworkflow, lodash, service_level_manager, virtualization_manager)

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

View Full Alert

Leave a Reply