Advisories for Npm/Lodash-Amd package

lodash prior to 4.17.11 is affected by CWE-400 Uncontrolled Resource Consumption. The impact is a Denial of service. The component is the Date handler. The attack vector is an Attacker provides very long strings, which the library attempts to match using a regular expression.

Versions of lodash lower than are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.