lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto , causing the addition or modification of an existing property th...
6.5CVSS
6.3AI Score
0.001EPSS
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
7.2CVSS
7.1AI Score
0.009EPSS