lodash before 4.17.5 are vulnerable to prototype pollution.
The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of
__proto__ causing the addition or modification of an existing property that will exist on all objects.
Update to version 4.17.5 or later.
publishedAdvisory publishedApr 24th, 2018
reportedInitial report by Olivier Arteau (HoLyVieR)Apr 24th, 2018