lodash.mergewith before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of
__proto__ causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.6.1 or later.
publishedAdvisory PublishedJul 15th, 2019
reportedReported by Olivier Arteau (HoLyVieR)Jul 15th, 2019