PT-2026-3846 · Lodash+2 · Lodash+2
Jordan Harband
+3
·
Published
2025-01-01
·
Updated
2026-06-09
·
CVE-2025-13465
CVSS v4.0
7.9
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Lodash versions 4.0.0 through 4.17.22
Description
Lodash versions 4.0.0 through 4.17.22 are susceptible to prototype pollution within the
.unset and .omit functions. An attacker can leverage crafted paths to trigger the deletion of methods from global prototypes. The issue allows for property deletion but does not permit modification of the original behavior of those properties.Recommendations
Update to Lodash version 4.17.23 or later.
Fix
DoS
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lodash
Rocky Linux
Ubuntu