
lodash versions before 4.17.20 are vulnerable to a prototype pollution attack when using _.zipObjectDeep (CVE-2020-8203). The vulnerability was discovered and reported through HackerOne. It affects the lodash library, which is widely used in JavaScript applications (HackerOne Report).
The vulnerability exists in the _.zipObjectDeep function of lodash versions prior to 4.17.20. It allows attackers to perform prototype pollution attacks, which can lead to property injection or modification of the global Object prototype. It has a CVSS v3.1 base score of 7.4 (High): attack vector Network, attack complexity High, no privileges or user interaction required (Ubuntu CVE).
Successful exploitation could lead to unauthorized modification of application data through prototype pollution. This could result in manipulated application behavior, data corruption and, in some cases, remote code execution, depending on the application context (NetApp Advisory).
The primary mitigation is to upgrade lodash to version 4.17.20 or later, which contains the fix for this vulnerability. No alternative workarounds are documented for this specific issue (NetApp Advisory).
Source: This report was generated using AI