underscore.deep is vulnerable to prototype pollution. An attacker is able to pollute any future object creations by passing a crafted malicious payload to deepFromFlat
function.
CPE | Name | Operator | Version |
---|---|---|---|
underscore.deep | le | 0.5.2 | |
underscore.deep | le | 0.5.2 |