lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of “Object” via proto, causing the addition or modification of an existing property that will exist on all objects.
CPE | Name | Operator | Version |
---|---|---|---|
lodash | lt | 4.17.5 | |
system_manager | eq | 9.0 |