Prototype Pollution in lodash.defaultsdeep

GHSA-46fh-8fc5-xcwx

Published Sep 3, 2020 · Modified Aug 31, 2020

Description

Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.

Recommendation

Update to version 4.6.1 or later.

References

WEB https://www.npmjs.com/advisories/1070

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes