DEBIAN-CVE-2025-13465

DEBIAN-CVE-2025-13465 PUBLISHED CVSS 5.3 MEDIUM

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths that cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | node-lodash | 4.17.23+dfsg, 4.18.1+dfsg, 4.18.1+dfsg |
| Debian:11 | node-lodash | 4.17.21+dfsg+~cs8.31.198.20210220-9, 4.17.21+dfsg+~cs8.31.198.20210220-9~bpo11+1, 4.17.21+dfsg+~cs8.31.198.20210220-9~bpo11+2 |
| Debian:12 | node-lodash | *, 4.17.23+dfsg, 4.18.1+dfsg |
| Debian:14 | node-lodash | 4.17.21+dfsg, 0, 0 |

Exploit Intelligence

Timeline

  • Jan 21, 2026 CVE Published
  • Apr 28, 2026 CVE Updated