CVE-2019-10744

CRITICAL

lodash < 4.17.12 - Prototype Pollution via defaultsDeep Function


Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-10744. PoCs published by mlbrilliance.

AI-analyzed exploit summary: This repository is a demo target for a supply chain security tool and intentionally includes vulnerable lockfiles for detection purposes. It does not contain exploit code but serves as a test case for vulnerability scanning.

Description

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Exploits (1)

nomisec STUB
by mlbrilliance · poc
https://github.com/mlbrilliance/aurora-demo-lockfile


Classification: Stub 100%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: N/A
No auth needed
Prerequisites: N/A
devstral-2 · analyzed May 19, 2026

References (6)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:3024
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Exploit, Third Party Advisory x_refsource_confirm
https://snyk.io/vuln/SNYK-JS-LODASH-450202
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20191004-0005/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html

Scores

CVSS v3: 9.1
EPSS: 0.1484
EPSS Percentile: 94.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE: CWE-1321
Status: published
Products (29)
f5/big-ip_access_policy_manager 12.1.0 - 12.1.5.2
f5/big-ip_advanced_firewall_manager 12.1.0 - 12.1.5.2
f5/big-ip_analytics 12.1.0 - 12.1.5
f5/big-ip_application_acceleration_manager 12.1.0 - 12.1.5.2
f5/big-ip_application_security_manager 12.1.0 - 12.1.5.2
f5/big-ip_application_visibility_and_reporting 12.1.0 - 12.1.5.2
f5/big-ip_domain_name_system 12.1.0 - 12.1.5.2
f5/big-ip_edge_gateway 12.1.0 - 12.1.5.2
f5/big-ip_fraud_protection_service 12.1.0 - 12.1.5.2
f5/big-ip_global_traffic_manager 12.1.0 - 12.1.5.2
... and 19 more
Published Jul 26, 2019
Tracked Since Feb 18, 2026