VulnerableCode Package Details - pkg:npm/lodash.defaultsdeep@4.6.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-63cg-xat6-h7fd	Prototype Pollution in lodash.defaultsdeep Versions of `lodash.defaultsdeep` before 4.6.1 are vulnerable to prototype pollution. The function `mergeWith` may allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects. ## Recommendation Update to version 4.6.1 or later.	GHSA-h5mp-5q4p-ggf5 GMS-2020-351
VCID-dzeb-zu9x-g3bq	Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.	CVE-2019-10744 GHSA-jf85-cpcp-j695
VCID-w573-jvp9-3bcq	Prototype Pollution in lodash.defaultsdeep Versions of `lodash.defaultsdeep` before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects. ## Recommendation Update to version 4.6.1 or later.	GHSA-46fh-8fc5-xcwx GMS-2020-350

Vulnerability

Summary

Aliases

VCID-63cg-xat6-h7fd

Prototype Pollution in lodash.defaultsdeep Versions of `lodash.defaultsdeep` before 4.6.1 are vulnerable to prototype pollution. The function `mergeWith` may allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects. ## Recommendation Update to version 4.6.1 or later.

GHSA-h5mp-5q4p-ggf5
GMS-2020-351

VCID-dzeb-zu9x-g3bq

Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

CVE-2019-10744
GHSA-jf85-cpcp-j695

VCID-w573-jvp9-3bcq

Prototype Pollution in lodash.defaultsdeep Versions of `lodash.defaultsdeep` before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects. ## Recommendation Update to version 4.6.1 or later.

GHSA-46fh-8fc5-xcwx
GMS-2020-350

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:10:16.407608+00:00	GitLab Importer	Fixing	VCID-63cg-xat6-h7fd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-351.yml	38.4.0
2026-04-16T21:10:08.205663+00:00	GitLab Importer	Fixing	VCID-w573-jvp9-3bcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-350.yml	38.4.0
2026-04-11T22:22:05.069632+00:00	GitLab Importer	Fixing	VCID-63cg-xat6-h7fd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-351.yml	38.3.0
2026-04-11T22:21:56.785982+00:00	GitLab Importer	Fixing	VCID-w573-jvp9-3bcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-350.yml	38.3.0
2026-04-02T22:34:06.820788+00:00	GitLab Importer	Fixing	VCID-63cg-xat6-h7fd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-351.yml	38.1.0
2026-04-02T22:33:58.754314+00:00	GitLab Importer	Fixing	VCID-w573-jvp9-3bcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-350.yml	38.1.0
2026-04-02T12:37:14.768246+00:00	GitLab Importer	Fixing	VCID-63cg-xat6-h7fd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-351.yml	38.0.0
2026-04-02T12:37:14.270702+00:00	GitLab Importer	Fixing	VCID-w573-jvp9-3bcq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/GMS-2020-350.yml	38.0.0
2026-04-01T15:58:34.795046+00:00	GHSA Importer	Fixing	VCID-w573-jvp9-3bcq	https://github.com/advisories/GHSA-46fh-8fc5-xcwx	38.0.0
2026-04-01T15:58:34.755640+00:00	GHSA Importer	Fixing	VCID-63cg-xat6-h7fd	https://github.com/advisories/GHSA-h5mp-5q4p-ggf5	38.0.0
2026-04-01T15:57:35.029047+00:00	GHSA Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://github.com/advisories/GHSA-jf85-cpcp-j695	38.0.0
2026-04-01T13:04:37.515299+00:00	GithubOSV Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-jf85-cpcp-j695/GHSA-jf85-cpcp-j695.json	38.0.0
2026-04-01T12:59:51.980486+00:00	GithubOSV Importer	Fixing	VCID-63cg-xat6-h7fd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-h5mp-5q4p-ggf5/GHSA-h5mp-5q4p-ggf5.json	38.0.0
2026-04-01T12:59:42.212181+00:00	GithubOSV Importer	Fixing	VCID-w573-jvp9-3bcq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-46fh-8fc5-xcwx/GHSA-46fh-8fc5-xcwx.json	38.0.0
2026-04-01T12:48:33.830146+00:00	GitLab Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash.defaultsdeep/CVE-2019-10744.yml	38.0.0