Current Netsparker scan shows Critial out of date version of Lodash in current version of TrueNAS
Netsparker Enterprise identified that the target web site is using Lodash and detected that it is out of date.
Since this is an old version of the software, it may be vulnerable to attacks.
Lodash Prototype Pollution
Affected versions of this package are vulnerable to Prototype Pollution in zipObjectDeep due to an incomplete fix for CVE-2020- 8203. https://snyk.io/vuln/SNYK-JS-LODASH-590103
lodash Allocation of Resources Without Limits or Throttling Vulnerability
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.