satyamchaurasiapersistent / JavaVulnerableLab

lab
CX: CVE-2020-8203 in Npm-lodash and 1.0.2 @ JavaVulnerableLab.master #172

Open satyamchaurasiapersistent opened 1 year ago

satyamchaurasiapersistent commented 1 year ago

Description

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

HIGH Vulnerable Package issue exists @ lodash in branch master

Vulnerability ID: CVE-2020-8203

Package Name: lodash

Severity: HIGH

CVSS Score: 7.4

Publish Date: 2020-07-15T17:15:00

Current Package Version: 1.0.2

Remediation Upgrade Recommendation: 4.17.21

Link To SCA

Reference – NVD link