CVE-2025-13465 | Lodash up to 4.17.22 Paths _.unset/_.omit prototype pollution (GHSA-xxjr-mmjv-4gpg)

Inserito da Angelo Barbosa | Gen 22, 2026 | CVE

A vulnerability was found in Lodash up to 4.17.22. It has been classified as critical. This vulnerability affects the function _.unset/_.omit of the component Paths Handler. This manipulation causes improperly controlled modification of object prototype attributes.

This vulnerability is registered as CVE-2025-13465. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.

CVE-2025-13465 | Lodash up to 4.17.22 Paths _.unset/_.omit prototype pollution (GHSA-xxjr-mmjv-4gpg)

Post correlati

CVE-2018-9413 | Google Android 7/7.1.1/7.1.2/8/8.1 btif_rc.cc handle_notification_response memory corruption

CVE-2024-3807 | Porto Plugin up to 7.1.0 on WordPress Post Meta file inclusion

Highfivery Zero Spam Plugin sql injection

CVE-2025-20930 | Samsung Notes up to 4.4.21.62 JPEG Image Parser out-of-bounds