Please fix vulnerabilities/warning "Versions of lodash before 4.17.5 are vulnerable to prototype pollution"

Overview
Versions of lodash before 4.17.5 are vulnerable to prototype pollution.

The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.

PFA.

Remediation
Update to version 4.17.11 or later.

https://www.npmjs.com/advisories
[result.txt](https://github.com/oauthjs/express-oauth-server/files/5067355/result.txt)
/782

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Please fix vulnerabilities/warning "Versions of lodash before 4.17.5 are vulnerable to prototype pollution" #101

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Please fix vulnerabilities/warning "Versions of lodash before 4.17.5 are vulnerable to prototype pollution" #101

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions