[wp-trac] [WordPress Trac] #60571: Lodash Vulnerability
WordPress Trac
noreply at wordpress.org
Mon Feb 19 10:57:54 UTC 2024
#60571: Lodash Vulnerability
--------------------------+-----------------------------
Reporter: adeel321 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.4.3
Severity: critical | Keywords:
Focuses: |
--------------------------+-----------------------------
Hi, I am facing these vulnerabilities. Kindly let me know how to fix them.

CVE-2019-10744

1. Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
2. Lodash Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2020-8203)

Facing these in both staging (https://dev.am.gov.ae/) and production (https://am.gov.ae/).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60571>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
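
The defaultsDeep behaviour quoted in the ticket, as an added JavaScript illustration that is not part of the ticket and not lodash's own code: a simplified merge (hypothetical `naiveDefaultsDeep`) follows a `constructor` key up to `Object.prototype`, while a hardened variant (hypothetical `safeDefaultsDeep`) skips such keys and only descends into the target's own properties. The payload and property names are constructed sample input.

```javascript
// Added illustration. naiveDefaultsDeep is a hypothetical simplified merge,
// not lodash's source; the payload below is constructed sample input.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isObjectLike = (v) => v !== null && (typeof v === 'object' || typeof v === 'function');

// Vulnerable pattern: plain property reads follow the prototype chain, so
// target['constructor'] is the inherited Object function and
// target['constructor']['prototype'] is the shared Object.prototype.
function naiveDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (isObjectLike(src) && isObjectLike(target[key])) {
      naiveDefaultsDeep(target[key], src);
    } else if (target[key] === undefined) {
      target[key] = src;
    }
  }
  return target;
}

// Hardened pattern: skip prototype-reaching keys and only descend into
// properties the target owns itself, never inherited ones.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    const nested = isObjectLike(src) && !Array.isArray(src);
    if (!hasOwn(target, key)) {
      target[key] = nested ? safeDefaultsDeep({}, src) : src;
    } else if (nested && isObjectLike(target[key])) {
      safeDefaultsDeep(target[key], src);
    }
  }
  return target;
}

function demo() {
  const payload = JSON.parse(
    '{"constructor":{"prototype":{"pollutedFlag":true}},"theme":{"color":"blue"}}');
  const safeResult = safeDefaultsDeep({ theme: { size: 'm' } }, payload);
  const afterSafe = ({}).pollutedFlag;   // unrelated fresh object stays clean
  naiveDefaultsDeep({}, payload);
  const afterNaive = ({}).pollutedFlag;  // inherited by every object now
  delete Object.prototype.pollutedFlag;  // restore global state
  return { safeResult, afterSafe, afterNaive };
}

console.log(demo());
```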