Share
## https://sploitus.com/exploit?id=0EFC61DB-6712-5A20-BC15-1A1F40196053
# ๐Ÿ”ด CVE-2019-10744 | CVE-2018-16487 | CVE-2018-3721 | CVE-2021-23337
## Lodash Prototype Pollution to Full Information Disclosure - POC

[![Severity](https://img.shields.io/badge/SEVERITY-CRITICAL-red)](https://github.com)
[![CVE](https://img.shields.io/badge/CVE-2019--10744-orange)](https://nvd.nist.gov/vuln/detail/CVE-2019-10744)
[![CVE](https://img.shields.io/badge/CVE-2018--16487-orange)](https://nvd.nist.gov/vuln/detail/CVE-2018-16487)
[![CVE](https://img.shields.io/badge/CVE-2018--3721-yellow)](https://nvd.nist.gov/vuln/detail/CVE-2018-3721)
[![CVE](https://img.shields.io/badge/CVE-2021--23337-red)](https://nvd.nist.gov/vuln/detail/CVE-2021-23337)
[![Lodash](https://img.shields.io/badge/Lodash-โ‰ค4.17.21-blue)](https://lodash.com/)

---

## ๐Ÿ“‹ Table of Contents
- [Overview](#overview)
- [CVEs Covered](#cves-covered)
- [Impact Assessment](#impact-assessment)
- [Requirements](#requirements)
- [Quick Start](#quick-start)
- [POC Execution](#poc-execution)
- [Expected Output](#expected-output)
- [Exploitation Details](#exploitation-details)
- [Detection Methods](#detection-methods)
- [Remediation](#remediation)
- [References](#references)
- [Disclaimer](#disclaimer)

---

## ๐Ÿ“Œ Overview

This repository contains a **Proof of Concept (POC)** for multiple critical vulnerabilities in **Lodash versions โ‰ค 4.17.21**, demonstrating how prototype pollution can lead to:

- ๐Ÿ”“ **Authentication Bypass**
- ๐ŸŒ **Unauthenticated API Access**
- ๐Ÿ”‘ **Secret/Token Extraction**
- ๐Ÿ“ก **SSRF (Server-Side Request Forgery)**
- ๐Ÿ’พ **Sensitive Information Disclosure**

The POC is fully automated and works directly in the browser console, requiring no additional tools.

---

## ๐ŸŽฏ CVEs Covered

| CVE ID | Severity | Description | Affected Versions |
|--------|----------|-------------|-------------------|
| **CVE-2019-10744** | ๐Ÿ”ด HIGH | Prototype Pollution in `defaultsDeep` function | โ‰ค 4.17.11 |
| **CVE-2018-16487** | ๐Ÿ”ด HIGH | Prototype Pollution in `merge` function | โ‰ค 4.17.4 |
| **CVE-2018-3721** | ๐ŸŸก MEDIUM | Prototype Pollution in `mergeWith` function | โ‰ค 4.17.5 |
| **CVE-2021-23337** | ๐Ÿ”ด HIGH | Command Injection via `template` function | โ‰ค 4.17.20 |

---

## โš ๏ธ Impact Assessment

### Potential Attack Vectors

| Attack Vector | Impact | Difficulty |
|---------------|--------|------------|
| **Prototype Pollution** | Client-side privilege escalation | EASY |
| **Authentication Bypass** | Unauthorized access to admin features | MEDIUM |
| **SSRF via Proxy Endpoints** | Internal network scanning, cloud metadata theft | MEDIUM |
| **Secret Extraction** | API keys, JWT tokens, passwords exposed | EASY |
| **Information Disclosure** | Sensitive data leakage from unprotected APIs | EASY |

### CVSS Score Calculation
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score: 9.1 (CRITICAL)
Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Confidentiality Impact: HIGH
Integrity Impact: HIGH

---

## ๐Ÿ’ป Requirements

- **Target:** Any web application using Lodash โ‰ค 4.17.21
- **Browser:** Chrome, Firefox, Edge, or any modern browser
- **Access:** Browser console (F12)
- **Network:** Internet connection to fetch JavaScript bundles

### Tested On
- โœ… Angular 2+ applications
- โœ… React applications with Lodash
- โœ… Vue.js applications
- โœ… Leaflet.js mapping applications
- โœ… Azure Front Door hosted apps

---

## ๐Ÿš€ Quick Start

### Step 1: Open Target Website
Navigate to the target web application in your browser.

### Step 2: Open Developer Console
- **Chrome/Edge:** `F12` or `Ctrl+Shift+J` (Windows) / `Cmd+Option+J` (Mac)
- **Firefox:** `F12` or `Ctrl+Shift+K` (Windows) / `Cmd+Option+K` (Mac)

### Step 3: Run the POC
Copy and paste the entire script from `poc.js` into the console and press `Enter`.

### Step 4: Analyze Results
Review the console output and the visual indicator that appears on the page.