A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "4.17.11"
}
]
}