Name of the Vulnerable Software and Affected Versions lodash.merge versions prior to 4.6.2

Description The issue allows a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} using the merge function, potentially causing the addition or modification of an existing property that will exist on all objects.

Recommendations Update to version 4.6.2 or later.