VYPR
High severityNVD Advisory· Published Feb 1, 2019· Updated Aug 5, 2024

CVE-2018-16487

CVE-2018-16487

Description

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lodashnpm
< 4.17.114.17.11
lodash-railsRubyGems
< 4.17.114.17.11

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

1