PT-2026-3846 · Lodash+1 · Lodash+1

Jordan Harband

+3

·

Published

2025-01-01

·

Updated

2026-04-21

·

CVE-2025-13465

CVSS v4.0

7.9

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions Lodash versions 4.0.0 through 4.17.22
Description Lodash versions 4.0.0 through 4.17.22 are susceptible to prototype pollution within the .unset and .omit functions. An attacker can leverage crafted paths to trigger the deletion of methods from global prototypes. The issue allows for property deletion but does not permit modification of the original behavior of those properties.
Recommendations Update to Lodash version 4.17.23 or later.

Fix

Prototype Pollution

Weakness Enumeration

CWE-1321

Related Identifiers

ALSA-2026:2438
ALSA-2026:2452
CVE-2025-13465
GHSA-XXJR-MMJV-4GPG
OPENSUSE-SU-2026:10124-1
OPENSUSE-SU-2026:10147-1
OPENSUSE-SU-2026:10148-1
OPENSUSE-SU-2026:10149-1
OPENSUSE-SU-2026:10150-1
OPENSUSE-SU-2026:10154-1
OPENSUSE-SU-2026:10155-1
OPENSUSE-SU-2026:20177-1
OPENSUSE-SU-2026:20181-1
OPENSUSE-SU-2026:20182-1
OPENSUSE-SU-2026:20185-1
OPENSUSE-SU-2026:20244-1
OPENSUSE-SU-2026:20251-1
OPENSUSE-SU-2026:20336-1
RHSA-2026:2438
RHSA-2026:2452
RHSA-2026:2462
RHSA-2026:2465
RHSA-2026:2469
RHSA-2026:2484
RHSA-2026:2816
RHSA-2026:2817
RHSA-2026:2818
RHSA-2026:2819
RHSA-2026:3958
SUSE-SU-2026:0379-1
SUSE-SU-2026:0396-1
SUSE-SU-2026:0397-1
SUSE-SU-2026:1008-1
SUSE-SU-2026:1013-1
SUSE-SU-2026:1035-1
SUSE-SU-2026:1524-1
SUSE-SU-2026:20232-1
SUSE-SU-2026:20236-1
SUSE-SU-2026:20237-1
SUSE-SU-2026:20336-1
SUSE-SU-2026:20337-1
SUSE-SU-2026:20338-1
SUSE-SU-2026:20454-1
SUSE-SU-2026:20494-1
SUSE-SU-2026:20538-1
SUSE-SU-2026:20540-1
SUSE-SU-2026:20576-1
SUSE-SU-2026:20580-1
SUSE-SU-2026:20650-1
SUSE-SU-2026:20653-1
SUSE-SU-2026:20688-1
SUSE-SU-2026:20695-1

Affected Products

Lodash
Rocky Linux