Description
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
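The two checks this description suggests, as an added example that is not part of the original advisory or of lodash: a version test against the 4.17.12 boundary, and a scan of untrusted input for keys that name a prototype link before it reaches a deep-merge function. The function names and the sample input are assumptions constructed for illustration.

```javascript
// First lodash release the description treats as not affected.
const FIXED = [4, 17, 12];

// True when a plain "x.y.z" version string is lower than 4.17.12.
function isAffectedLodash(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version));
  if (!m) throw new TypeError(`not an x.y.z version: ${version}`);
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return false; // exactly 4.17.12
}

// Keys through which a merge can walk from a plain object to Object.prototype.
const RISKY_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Returns the paths of own keys in untrusted data that name a prototype link.
// Handles nested objects, arrays and cyclic references.
function findPrototypeKeys(value, path = '$', seen = new Set(), hits = []) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return hits;
  seen.add(value);
  for (const key of Object.keys(value)) {
    const here = `${path}.${key}`;
    if (RISKY_KEYS.has(key)) hits.push(here);
    findPrototypeKeys(value[key], here, seen, hits);
  }
  return hits;
}

// Guard to call on request bodies before any deep merge or defaults call.
function assertSafeForDeepMerge(input) {
  const hits = findPrototypeKeys(input);
  if (hits.length > 0) {
    throw new Error(`rejected input, prototype keys at: ${hits.join(', ')}`);
  }
  return input;
}

// Constructed sample: a settings object carrying a "constructor" key.
const SAMPLE = JSON.parse('{"theme":"dark","constructor":{"prototype":{"flag":true}}}');

console.log(isAffectedLodash('4.17.11'), findPrototypeKeys(SAMPLE));
```

Rejecting such keys at the input boundary is defence in depth; it does not replace running a lodash version that is not lower than 4.17.12.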
Remediation
References