5aces-service-registry (=1.0.1), 5aces-service-root (>=1.0.1 <=1.0.3) +195 more potentially affected by CVE-2020-8203 via lodash.setwith (=4.3.2)

lodash.setwith NPM version =4.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.setwith and may be impacted: - 5aces-service-registry =1.0.1 - 5aces-service-root =1.0.1, =1.2.14, =0.0.29, =0.7.0, =0.8.8, =0.19.0,...

Prototype Pollution in lodash

Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires...