CVE-2025-13465 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause…
Medium CVSS: 6.9

CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.

The issue permits deletion of properties but does not allow overwriting their original behavior.

This issue is patched on 4.17.23
Vendor
Lodash
Product
Lodash
CWE
CWE-1321
Yayın Tarihi
2026-01-21 20:16:05
Güncelleme
2026-02-17 17:10:07
Source Identifier
ce714d77-add3-4f53-aff5-83d477b104bb
KEV Date Added
-

Kategoriler

CWE-1321 Lodash MEDIUM Lodash 2026

Referanslar

https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg