How to deal with prototype pollution attack vulnerability in lodash?

lodash has been reported to be vulnerable to the so called prototype pollution attack in versions up to (excluding) 4.17.5 See https://nvd.nist.gov/vuln/detail/CVE-2018-3721

Now lodash is the most depended upon package in the JavaScript eco system. The impact is that almost every at least mid-scale project has gazillions of different lodash dependencies and sub-dependencies in different versions included (run npm ls | grep lodash in a JS project of your choice to see for yourself). Now it will take lots and lots of effort and a lot of time to contribute to all of the open source projects that use lodash in version < 4.17.5.

Please explain, how can this vulnerability be used by attackers and what would be the right way to deal with this issue in a large scale frontend that has A LOT of production dependencies using lodash.