GMS-2020-353: Prototype Pollution in lodash.merge
Versions of lodash.merge are vulnerable to prototype pollution. The function merge may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}}, causing the addition or modification of an existing property that will exist on all objects.
Update to or later.
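The pollution path described above, shown as an added example that is not lodash's code and not part of the original advisory. naiveMerge is a constructed stand-in for an unguarded recursive merge, safeMerge is one hardened variant, and all function names and the sample JSON are assumptions made for illustration.

```javascript
// Added example: naiveMerge is a constructed stand-in for an unguarded deep
// merge; it is NOT lodash.merge's source code.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (val !== null && typeof val === 'object') {
      // target[key] follows inherited properties, so "constructor" resolves
      // to the Object function and "prototype" to Object.prototype.
      if (target[key] === undefined) target[key] = {};
      naiveMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant (hypothetical helper): skips keys that can reach a
// prototype and only recurses into own, object-valued target properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = source[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Merges constructed untrusted JSON with mergeFn, reports whether a fresh,
// unrelated object inherited the property, then removes it again.
function isPolluted(mergeFn) {
  const untrusted = JSON.parse('{"constructor": {"prototype": {"polluted": true}}, "name": "x"}');
  mergeFn({}, untrusted);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted;
  return leaked;
}
```

isPolluted(naiveMerge) returns true and isPolluted(safeMerge) returns false; the same probe can serve as a regression test around any merge helper that handles untrusted input.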