GMS-2020-354: Prototype Pollution in lodash.mergewith
Versions of lodash.mergewith are vulnerable to Prototype Pollution. The function ‘mergeWith’ may allow a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Update to or later.
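The mechanism described above, shown as an added example that is not lodash's code and not part of the original advisory: a simplified recursive merge follows an own `__proto__` key into `Object.prototype`, next to a variant that skips the dangerous keys. The helper names `naiveMerge`, `safeMerge` and `demo`, the `polluted` property, and the JSON payload are constructed for illustration.

```javascript
// Added illustration, not lodash source: a simplified recursive merge with the
// same class of flaw, next to a hardened variant. All names are hypothetical.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isObject(v) {
  return v !== null && typeof v === "object";
}

// Vulnerable: recurses into every own key of the source, including "__proto__".
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key]) && isObject(target[key])) {
      // For key "__proto__", target[key] resolves to Object.prototype.
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: skips prototype-related keys and only descends into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
    if (isObject(src) && !Array.isArray(src)) {
      target[key] = safeMerge(isObject(own) ? own : {}, src);
    } else {
      target[key] = src; // primitives and arrays are copied as-is
    }
  }
  return target;
}

function demo() {
  // Constructed input: JSON.parse creates "__proto__" as an ordinary own key.
  const payload = JSON.parse('{"user": {"name": "a"}, "__proto__": {"polluted": true}}');
  const result = {};
  naiveMerge({}, payload);
  result.naivePolluted = ({}).polluted === true; // unrelated object sees the property
  delete Object.prototype.polluted;              // restore the shared prototype
  const merged = safeMerge({}, payload);
  result.safePolluted = ({}).polluted === true;
  result.safeName = merged.user.name;
  return result;
}
```

Filtering keys in application code is a stopgap for untrusted input; the advisory's remediation is still to update the package.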