Name of the Vulnerable Software and Affected Versions lodash.mergewith versions prior to 4.6.1

Description The issue allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects. This is due to the mergeWith function in lodash.mergewith.

Recommendations Update to version 4.6.1 or later.