@anjuna/charts (>=1.0.0-preview.45 <=1.0.0-preview.47), @badgeup/badgeup-browser-client (>=0.3.0 <=3.0.0) +216 more potentially affected by unknown CVE via lodash.defaultsdeep (>=3.10.0 <=4.6.0)

lodash.defaultsdeep NPM version =3.10.0, =1.0.0-preview.45, =0.3.0, =0.1.0, =0.3.0, =6.0.2, =1.0.0-rc.1, =1.2.0, =1.0.0, =0.9.16, =0.0.1, =0.275.1-chore-update-deps.3894.0, =0.18.2-alpha.1, =1.0.0, =1.1.1, =3.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-46FH-8FC5-XCWX...

Prototype Pollution in lodash.defaultsdeep

Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendation Update...

@anjuna/charts (>=1.0.0-preview.45 <=1.0.0-preview.47), @badgeup/badgeup-browser-client (>=0.3.0 <=3.0.0) +216 more potentially affected by unknown CVE via lodash.defaultsdeep (>=3.10.0 <=4.6.0)

lodash.defaultsdeep NPM version =3.10.0, =1.0.0-preview.45, =0.3.0, =0.1.0, =0.3.0, =6.0.2, =1.0.0-rc.1, =1.2.0, =1.0.0, =0.9.16, =0.0.1, =0.275.1-chore-update-deps.3894.0, =0.18.2-alpha.1, =1.0.0, =1.1.1, =3.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H5MP-5Q4P-GGF5...

Prototype Pollution in lodash.defaultsdeep

Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects...

Prototype Pollution

Overview Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all...

@anjuna/charts (>=1.0.0-preview.45 <=1.0.0-preview.47), @badgeup/badgeup-browser-client (>=0.3.0 <=3.0.0) +216 more potentially affected by CVE-2019-10744 via lodash.defaultsdeep (>=3.10.0 <=4.6.0)

lodash.defaultsdeep NPM version =3.10.0, =1.0.0-preview.45, =0.3.0, =0.1.0, =0.3.0, =6.0.2, =1.0.0-rc.1, =1.2.0, =1.0.0, =0.9.16, =0.0.1, =0.275.1-chore-update-deps.3894.0, =0.18.2-alpha.1, =1.0.0, =1.1.1, =3.1.0 and more Source cves: CVE-2019-10744 Source advisory: OSV:GHSA-JF85-CPCP-J695...