lodash node module prior to 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lodash lodash |
||
netapp active iq unified manager - |
||
netapp system manager 9.0 |