This block + 6,000 more — yours with Pro

Dashboard Vulnerability Scan

196/200
Docs
Vulnerability Scan

847 dependencies scanned · 18 min ago

5 vulnerabilities found
2 critical1 high1 medium1 low

A prototype pollution vulnerability in lodash allows attackers to inject properties into Object.prototype via the merge, mergeWith, and defaultsDeep functions. This can lead to remote code execution when untrusted input is passed to these functions.

Fix available·Upgrade to 4.17.22
Remediation

Upgrade lodash to version 4.17.22 or later. Run: npm install [email protected]. If upgrading is not immediately possible, validate all inputs to merge/mergeWith/defaultsDeep and reject objects with __proto__ or constructor keys.