Prototype Pollution vulnerabilities

Hi, I am using Snyk to find vulnerabilities in my code.
This is what I got from running the scan on my code:

lodash.set Prototype Pollution

VULNERABILITY
[CWE-400](https://cwe.mitre.org/data/definitions/400.html)
[CVSS 7.3](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C) HIGH
[SNYK-JS-LODASHSET-1320032](https://app.snyk.io/vuln/SNYK-JS-LODASHSET-1320032)
SCORE
472

Introduced through
serverless-python-requirements@5.3.1

Detailed paths
Introduced through: chitom@1.0.0 › serverless-python-requirements@5.3.1 › [lodash.set](https://www.npmjs.com/package/lodash.set)@4.3.2

Fix: No remediation path available.
Overview

lodash.set is a lodash method _.set exported as a Node.js module.
Affected versions of this package are vulnerable to Prototype Pollution via the setWith and set functions.


Can you assist?
Thanks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Prototype Pollution vulnerabilities #681

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Prototype Pollution vulnerabilities #681

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions