Lodash, a popular JavaScript library used by more than 4 million projects on GitHub, is affected by a high severity security vulnerability. The vulnerability, assigned as CVE-2019-10744, potentially affects a large number of frontend projects. It is a vulnerability that enables attackers to modify a web application’s JavaScript object prototype, which is like a variable that can be used to store multiple values based on a predefined structure. If an attacker manages to inject properties into existing JavaScript language construct prototypes and manipulate these attributes to overwrite or pollute, it could affect how the application processes JavaScript objects.
Source: https://thehackernews.com/2019/07/lodash-prototype-pollution.html