VulnerableCode Vulnerability Details - VCID-w573-jvp9-3bcq

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-w573-jvp9-3bcq

Essentials
Severities (2)
References (2)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-w573-jvp9-3bcq
Aliases	GHSA-46fh-8fc5-xcwx GMS-2020-350
Summary	Prototype Pollution in lodash.defaultsdeep Versions of `lodash.defaultsdeep` before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of `Object` via `__proto__` causing the addition or modification of an existing property that will exist on all objects. ## Recommendation Update to version 4.6.1 or later.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-46fh-8fc5-xcwx
generic_textual	HIGH	https://www.npmjs.com/advisories/1070

Reference id	Reference type	URL
		https://www.npmjs.com/advisories/1070
GHSA-46fh-8fc5-xcwx		https://github.com/advisories/GHSA-46fh-8fc5-xcwx

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:59:42.208288+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-46fh-8fc5-xcwx/GHSA-46fh-8fc5-xcwx.json	38.0.0