Advisories for Npm/Lodash.template package

2021

Command Injection in lodash

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

2019

Prototype Pollution in lodash

Versions of lodash lower than are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.