An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOTYtOXc0ai13Z3Y3
Prototype Pollution in lodash.merge
lodash.merge before 4.6.1 are vulnerable to Prototype Pollution. The function 'merge' may allow a malicious user to modify the prototype of
__proto__ causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.6.1 or later.Permalink: https://github.com/advisories/GHSA-2m96-9w4j-wgv7
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 9 months ago
Fixed in: 4.6.1