CX: CVE-2018-16487 in Unknown-lodash and 2.4.2 @ nodegoat_cxflow.master
Description
A prototype pollution vulnerability was found in lodash where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
HIGH Vulnerable Package issue exists @ lodash in branch master
Vulnerability ID: CVE-2018-16487
Package Name: lodash
Severity: HIGH
CVSS Score: 9.8
Publish Date: 2019-02-01T18:29:00
Current Package Version: 2.4.2
Remediation Upgrade Recommendation: 4.17.20