CVE ID | Publié | Description | Score | Gravité |
---|---|---|---|---|
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | 7.2 |
Haute |
||
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | 6.5 |
Moyen |