Advisories for Npm/Lodash package

All versions of package lodash; all versions of package org.fujion.webjars:lodash is vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

All versions of package lodash; all versions of package org.fujion.webjars:lodash is vulnerable to Command Injection via template.

Prototype pollution attack when using _.zipObjectDeep in lodash.

lodash is vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

lodash is affected by Uncontrolled Resource Consumption which can lead to a denial of service.

A prototype pollution vulnerability was found in lodash where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

lodash node module suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects.

Functions in Lodash ( merge, mergeWith, defaultsDeep) can modify the prototype of "Object" if given malicious data. This can lead to denial of service or remote code execution.