Vulnerabilities > CVE-2018-16487 - Unspecified vulnerability in Lodash

047910
CVSS 5.6 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
high complexity
lodash
NVD
Published: 2019-02-01
Updated: 2020-09-18

Summary

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Vulnerable Configurations

Part Description Count
Application
Lodash
185

References