Description
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
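The failure mode described above, shown as an added example that is not lodash source code and not part of the original page. The helpers naiveMerge, safeMerge and isPollutedAfter are hypothetical names, and the JSON payload is constructed for the demonstration; the block contrasts an unfiltered recursive merge with one that refuses prototype-bearing keys.

```javascript
// Added illustration: hypothetical helpers, not lodash's implementation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObject = (v) => v !== null && typeof v === 'object';

// Recursive merge with no key filtering: the pattern that allows pollution.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      // For key "__proto__", target[key] resolves to Object.prototype itself.
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: skips prototype-bearing keys and only recurses into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value) && !Array.isArray(value)) {
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      if (!hasOwn || !isObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merges a constructed untrusted payload, then reports whether an unrelated
// empty object picked up the property through Object.prototype.
function isPollutedAfter(mergeFn) {
  const payload = JSON.parse('{"__proto__": {"polluted": true}, "name": "x"}');
  try {
    mergeFn({}, payload);
    return ({}).polluted === true;
  } finally {
    delete Object.prototype.polluted; // undo the side effect so the check is repeatable
  }
}

console.log('naiveMerge pollutes Object.prototype:', isPollutedAfter(naiveMerge));
console.log('safeMerge pollutes Object.prototype:', isPollutedAfter(safeMerge));
```

The same isPollutedAfter check can be pointed at any merge routine in a code base, which makes it usable as a regression test when deep-merging untrusted JSON.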
Remediation
References