lodash.defaultsdeep (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package lodash.defaultsdeep, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (1)
CVE-2019-10744 — CVSS 9.1 (critical): Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or…