GMS-2020-351: Prototype Pollution in lodash.defaultsdeep
Versions of lodash.defaultsdeep are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to or later.
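The pollution path described above, shown beside a hardened merge. This is an added example, not lodash's code and not part of the original advisory; naiveDefaultsDeep, safeDefaultsDeep, demo and the sample input are hypothetical names and constructed data.

```javascript
// Added example; function names are hypothetical, not lodash's implementation.
const isObj = (v) => v !== null && (typeof v === 'object' || typeof v === 'function');
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Naive recursive defaults: it follows inherited properties such as
// target.constructor, so it walks from {} to Object to Object.prototype.
function naiveDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (isObj(source[key]) && isObj(target[key])) {
      naiveDefaultsDeep(target[key], source[key]);
    } else if (target[key] === undefined) {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: skip prototype-reaching keys and recurse only into own properties.
function safeDefaultsDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED.has(key)) continue;
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (isObj(source[key]) && own && isObj(target[key])) {
      safeDefaultsDeep(target[key], source[key]);
    } else if (!own || target[key] === undefined) {
      target[key] = source[key]; // new own property on target only
    }
  }
  return target;
}

function demo() {
  // Constructed input using the payload shape the advisory names.
  const untrusted = JSON.parse(
    '{"constructor":{"prototype":{"polluted":"yes"}},"opts":{"retries":3}}');
  const safe = safeDefaultsDeep({ opts: { timeout: 10 } }, untrusted);
  const afterSafe = ({}).polluted;   // a fresh object is unaffected
  naiveDefaultsDeep({}, untrusted);
  const afterNaive = ({}).polluted;  // a fresh object now inherits the value
  delete Object.prototype.polluted;  // undo the pollution before returning
  return { safe, afterSafe, afterNaive };
}

console.log(demo());
```

The blocklist is a stopgap for code that cannot be upgraded yet; the advisory's remedy remains updating the package.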