2 matches found
CVE-2021-23337
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto , causing the addition or modification of an existing property th...