← Voltar para CVEs
CVE-2025-13465
MEDIUM5.3
Descricao
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/21/2026
Ultima modificacao2/17/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
lodash:lodash
Fraquezas (CWE)
CWE-1321
Referencias
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg(ce714d77-add3-4f53-aff5-83d477b104bb)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.