Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash

Blog post from Snyk

Post Details
Author: Liran Tal
Word Count: 925
Language: English
Hacker News Points: 10
Summary

The Snyk security research team recently discovered a severe prototype pollution vulnerability (CVE-2019-10744) affecting all versions of lodash, a popular npm library used by over 4.35 million projects on GitHub and downloaded over 80 million times each month. The vulnerability could allow an attacker to inject malicious code into JavaScript applications, potentially leading to property injection, code injection, or denial of service. Snyk has already applied a security patch to protect its users, but no official fix has been published yet. Users are advised to update to the latest version of lodash (4.7.11) or to apply the security patch provided by Snyk. The issue highlights the importance of keeping dependencies up to date and of using tools such as Snyk to monitor for and protect against vulnerabilities.
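The summary names property injection as the consequence of prototype pollution without showing what that means in code. The following is an added example, not code from the Snyk post and not lodash's implementation or the CVE-2019-10744 case: a generic recursive merge of the kind that is vulnerable to this class of bug, a hardened merge that refuses keys reaching the prototype chain, and a check a defender can run to detect that `Object.prototype` has been polluted. The merge functions, the constructed JSON input and the probe key `isAdmin` are assumptions made for illustration.

```javascript
// Added illustration of the prototype pollution class (not lodash's code and
// not the CVE-2019-10744 case): a generic vulnerable recursive merge, a
// hardened merge, and a check for a polluted Object.prototype.

// Constructed untrusted input, e.g. a JSON request body. JSON.parse creates an
// *own* property literally named "__proto__" on the resulting object.
const UNTRUSTED_JSON = '{"__proto__": {"isAdmin": true}, "name": "alice"}';

// Vulnerable: for...in visits the own "__proto__" key, target["__proto__"]
// resolves to Object.prototype, and the recursion writes into it.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that address the prototype chain rather than the object itself.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Hardened: own keys only, forbidden keys skipped, recursion only into plain
// objects, and the target slot must already be an own plain object.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Defender check: was the probe key written directly onto Object.prototype?
function prototypeIsPolluted(probeKey) {
  return Object.prototype.hasOwnProperty.call(Object.prototype, probeKey);
}

function runSafe() {
  const config = safeMerge({ name: 'default', retries: 3 }, JSON.parse(UNTRUSTED_JSON));
  return { config, polluted: prototypeIsPolluted('isAdmin') };
}

function runUnsafe() {
  const config = unsafeMerge({ name: 'default', retries: 3 }, JSON.parse(UNTRUSTED_JSON));
  const polluted = prototypeIsPolluted('isAdmin');
  delete Object.prototype.isAdmin; // undo the pollution so the rest of the process is unaffected
  return { config, polluted };
}

console.log('safe merge polluted prototype:', runSafe().polluted);     // false
console.log('unsafe merge polluted prototype:', runUnsafe().polluted); // true
```

The hardened version treats `__proto__`, `constructor` and `prototype` as data that must never be walked into, merges only own keys, and only recurses into plain objects. Complementary measures are building lookup objects with `Object.create(null)` so they have no prototype to pollute, and running a probe like `prototypeIsPolluted` in integration tests after exercising request-parsing code paths.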