[VULN] Security Alert for lodash.mergewith

Alert IDs:
- 2f80561b-987b-492c-a507-c4351c5b94a4
- 592a67d3-e50d-4cc5-95b7-9444f3e1ff39

## Vulnerabilities in lodash.mergewith

**Release:** 21st May Release

**Total Vulnerabilities:** 2

---

### 1. GHSA-779f-wgxg-qr8f

**Severity:** HIGH (Score: 0.0)

**Description:**
Versions of `lodash.mergewith` before 4.6.2 are vulnerable to prototype pollution. The function `mergeWith` may allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.




## Recommendation

Update to version 4.6.2 or later.

**Reference:** https://github.com/advisories/GHSA-779f-wgxg-qr8f

**Alert ID:** 2f80561b-987b-492c-a507-c4351c5b94a4

---

### 2. GHSA-5947-m4fg-xhqg

**Severity:** HIGH (Score: 0.0)

**Description:**
Versions of `lodash.mergewith` before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects.




## Recommendation

Update to version 4.6.1 or later.

**Reference:** https://github.com/advisories/GHSA-5947-m4fg-xhqg

**Alert ID:** 592a67d3-e50d-4cc5-95b7-9444f3e1ff39

---



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[VULN] Security Alert for lodash.mergewith #987

Vulnerabilities in lodash.mergewith

1. GHSA-779f-wgxg-qr8f

Recommendation

2. GHSA-5947-m4fg-xhqg

Recommendation

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[VULN] Security Alert for lodash.mergewith #987

Description

Vulnerabilities in lodash.mergewith

1. GHSA-779f-wgxg-qr8f

Recommendation

2. GHSA-5947-m4fg-xhqg

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions