GMS-2020-352: Prototype Pollution in lodash.merge
(updated )
Versions of lodash.merge are vulnerable to Prototype Pollution. The function ‘merge’ may allow a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Update to or later.