lodash is vulnerable to prototype pollution attack. The vulnerability exists due to the ability to inject properties on Object.prototype using the function zipObjectDeep
, leading to DoS, and possibly other forms of attacks.
github.com/advisories/GHSA-p6mc-m468-83gw
github.com/lodash/lodash/issues/4744
github.com/lodash/lodash/issues/4874
github.com/lodash/lodash/pull/4759
hackerone.com/reports/712065
security.netapp.com/advisory/ntap-20200724-0006/
www.npmjs.com/advisories/1523
www.oracle.com//security-alerts/cpujul2021.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html