VYPR
Medium severity6.5NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026

CVE-2018-3721

CVE-2018-3721

Description

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lodashnpm
< 4.17.54.17.5
lodash-railsRubyGems
< 4.17.54.17.5

Affected products

3
  • ghsa-coords2 versions
    < 4.17.5+ 1 more
    • (no CPE)range: < 4.17.5
    • (no CPE)range: < 4.17.5
  • HackerOne/lodash node modulev5
    Range: Versions before 4.17.5

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.