VDB
RHSA-2026%3A1845
RHSA-2026%3A1845
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64, *, cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64 |
| Red Hat | cryostat/cryostat-storage-rhel9@sha256:cac5cec9aab5e40826174186765191306d3bd47938f9d7a5d10908dd5297c74e_arm64 as a component of Cryostat 4 on RHEL 9 | *, cryostat/cryostat-storage-rhel9@sha256:cac5cec9aab5e40826174186765191306d3bd47938f9d7a5d10908dd5297c74e_arm64, cryostat/cryostat-storage-rhel9@sha256:cac5cec9aab5e40826174186765191306d3bd47938f9d7a5d10908dd5297c74e_arm64 |
| Red Hat | cryostat/cryostat-openshift-console-plugin-rhel9@sha256:67f723dc0ce5d6b5d217e9df119a6b24a0a44d4bcca645144d8fec808e402e59_amd64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-openshift-console-plugin-rhel9@sha256:67f723dc0ce5d6b5d217e9df119a6b24a0a44d4bcca645144d8fec808e402e59_amd64, cryostat/cryostat-openshift-console-plugin-rhel9@sha256:67f723dc0ce5d6b5d217e9df119a6b24a0a44d4bcca645144d8fec808e402e59_amd64, * |
| Red Hat | cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64, *, cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64 |
| Red Hat | cryostat/cryostat-storage-rhel9@sha256:04e0353e7d4d6f4c519d421bcf4276c91646493026c6ebb2f5d7f036ff793eff_amd64 as a component of Cryostat 4 on RHEL 9 | *, cryostat/cryostat-storage-rhel9@sha256:04e0353e7d4d6f4c519d421bcf4276c91646493026c6ebb2f5d7f036ff793eff_amd64, * |
| Red Hat | cryostat/cryostat-openshift-console-plugin-rhel9@sha256:67f723dc0ce5d6b5d217e9df119a6b24a0a44d4bcca645144d8fec808e402e59_amd64 as a component of Cryostat 4 on RHEL 9 | *, cryostat/cryostat-openshift-console-plugin-rhel9@sha256:67f723dc0ce5d6b5d217e9df119a6b24a0a44d4bcca645144d8fec808e402e59_amd64, cryostat/cryostat-openshift-console-plugin-rhel9@sha256:67f723dc0ce5d6b5d217e9df119a6b24a0a44d4bcca645144d8fec808e402e59_amd64 |
| Red Hat | cryostat/cryostat-rhel9@sha256:b013dd38437afb1efa38f8fb2d51bbb1fc6f7e29cc1c1de993306d700e63a18e_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-rhel9@sha256:b013dd38437afb1efa38f8fb2d51bbb1fc6f7e29cc1c1de993306d700e63a18e_arm64, cryostat/cryostat-rhel9@sha256:b013dd38437afb1efa38f8fb2d51bbb1fc6f7e29cc1c1de993306d700e63a18e_arm64, * |
| Red Hat | cryostat/cryostat-openshift-console-plugin-rhel9@sha256:0bac59ee4cb3cc16ad5be85929901ccdb60a90aeb8d6e9c5ab8f0672aa807b58_arm64 as a component of Cryostat 4 on RHEL 9 | *, cryostat/cryostat-openshift-console-plugin-rhel9@sha256:0bac59ee4cb3cc16ad5be85929901ccdb60a90aeb8d6e9c5ab8f0672aa807b58_arm64, cryostat/cryostat-openshift-console-plugin-rhel9@sha256:0bac59ee4cb3cc16ad5be85929901ccdb60a90aeb8d6e9c5ab8f0672aa807b58_arm64 |
| Red Hat | cryostat/cryostat-rhel9-operator@sha256:8dc560b4e90178db5d17c0760da1d03983b91bb9aac943c53cfa6c629094f6ea_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-rhel9-operator@sha256:8dc560b4e90178db5d17c0760da1d03983b91bb9aac943c53cfa6c629094f6ea_arm64, *, * |
| Red Hat | cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64, cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64, cryostat/cryostat-reports-rhel9@sha256:2627c1495f16419a5e34add58469bc666bf55952f7fedc9cc74722ac8723d76e_arm64 |
| Red Hat | cryostat/cryostat-grafana-dashboard-rhel9@sha256:add54a1ef1e49c831b4a2ade3da785b400bbfd89081e741d80ca31f791595e02_amd64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-grafana-dashboard-rhel9@sha256:add54a1ef1e49c831b4a2ade3da785b400bbfd89081e741d80ca31f791595e02_amd64, cryostat/cryostat-grafana-dashboard-rhel9@sha256:add54a1ef1e49c831b4a2ade3da785b400bbfd89081e741d80ca31f791595e02_amd64, * |
| Red Hat | cryostat/cryostat-agent-init-rhel9@sha256:3a75004a386d2bf4b584223771d68c68d3427b63b407460dfb191b7749c3bf2b_amd64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-agent-init-rhel9@sha256:3a75004a386d2bf4b584223771d68c68d3427b63b407460dfb191b7749c3bf2b_amd64, cryostat/cryostat-agent-init-rhel9@sha256:3a75004a386d2bf4b584223771d68c68d3427b63b407460dfb191b7749c3bf2b_amd64, cryostat/cryostat-agent-init-rhel9@sha256:3a75004a386d2bf4b584223771d68c68d3427b63b407460dfb191b7749c3bf2b_amd64 |
| Red Hat | cryostat/cryostat-rhel9-operator@sha256:8dc560b4e90178db5d17c0760da1d03983b91bb9aac943c53cfa6c629094f6ea_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-rhel9-operator@sha256:8dc560b4e90178db5d17c0760da1d03983b91bb9aac943c53cfa6c629094f6ea_arm64, cryostat/cryostat-rhel9-operator@sha256:8dc560b4e90178db5d17c0760da1d03983b91bb9aac943c53cfa6c629094f6ea_arm64, cryostat/cryostat-rhel9-operator@sha256:8dc560b4e90178db5d17c0760da1d03983b91bb9aac943c53cfa6c629094f6ea_arm64 |
| Red Hat | cryostat/cryostat-reports-rhel9@sha256:08c55db955986b86d663690097260c47d5d7a48ff54868015a1cf24d007fb369_amd64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-reports-rhel9@sha256:08c55db955986b86d663690097260c47d5d7a48ff54868015a1cf24d007fb369_amd64, cryostat/cryostat-reports-rhel9@sha256:08c55db955986b86d663690097260c47d5d7a48ff54868015a1cf24d007fb369_amd64, * |
| Red Hat | cryostat/cryostat-operator-bundle@sha256:8a62abfc3d67785e363203466f56ca230d1a2af9cb4e29a0ba743feed2a850d2_amd64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-operator-bundle@sha256:8a62abfc3d67785e363203466f56ca230d1a2af9cb4e29a0ba743feed2a850d2_amd64, cryostat/cryostat-operator-bundle@sha256:8a62abfc3d67785e363203466f56ca230d1a2af9cb4e29a0ba743feed2a850d2_amd64, cryostat/cryostat-operator-bundle@sha256:8a62abfc3d67785e363203466f56ca230d1a2af9cb4e29a0ba743feed2a850d2_amd64 |
| Red Hat | cryostat/cryostat-operator-bundle@sha256:f74fa0e3433e0f456d6449c23fffbc7e76c962e21bddea294486de6c102110da_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-operator-bundle@sha256:f74fa0e3433e0f456d6449c23fffbc7e76c962e21bddea294486de6c102110da_arm64, cryostat/cryostat-operator-bundle@sha256:f74fa0e3433e0f456d6449c23fffbc7e76c962e21bddea294486de6c102110da_arm64, * |
| Red Hat | cryostat/cryostat-operator-bundle@sha256:f74fa0e3433e0f456d6449c23fffbc7e76c962e21bddea294486de6c102110da_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-operator-bundle@sha256:f74fa0e3433e0f456d6449c23fffbc7e76c962e21bddea294486de6c102110da_arm64, *, cryostat/cryostat-operator-bundle@sha256:f74fa0e3433e0f456d6449c23fffbc7e76c962e21bddea294486de6c102110da_arm64 |
| Red Hat | cryostat/cryostat-db-rhel9@sha256:dea99ab6872a6341decefc51890636de99213176653386fe5d8bc18cc1b6df34_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-db-rhel9@sha256:dea99ab6872a6341decefc51890636de99213176653386fe5d8bc18cc1b6df34_arm64, cryostat/cryostat-db-rhel9@sha256:dea99ab6872a6341decefc51890636de99213176653386fe5d8bc18cc1b6df34_arm64, cryostat/cryostat-db-rhel9@sha256:dea99ab6872a6341decefc51890636de99213176653386fe5d8bc18cc1b6df34_arm64 |
| Red Hat | cryostat/cryostat-db-rhel9@sha256:0aef42d9a7e35ecabb504a175eb0a1b20a0f0766a72343c742ed9b8db5f26949_amd64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-db-rhel9@sha256:0aef42d9a7e35ecabb504a175eb0a1b20a0f0766a72343c742ed9b8db5f26949_amd64, cryostat/cryostat-db-rhel9@sha256:0aef42d9a7e35ecabb504a175eb0a1b20a0f0766a72343c742ed9b8db5f26949_amd64, * |
| Red Hat | cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64 as a component of Cryostat 4 on RHEL 9 | cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64, cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64, cryostat/cryostat-agent-init-rhel9@sha256:b82d92ac78e25087e561504bad3807ea18a33d63ab793864fb7d30ecb912f0ba_arm64 |
…and 22 more
Exploit Intelligence
- jaytarr-geo/nextjs-lodash-cve-2025-13465-repro (github-poc-repo)
- jaytarr-geo/nextjs-lodash-cve-2025-13465-repro (github-poc)
- pnpm-workspace.yaml (github-poc)
- 4628.1.0.yml (github-poc)
- netobserv.yaml (github-poc)
- .trivyignore.yaml (github-poc)
- pnpm-workspace.yaml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- cve_model.go (github-poc)
…and 5 more exploits
Timeline
- Feb 3, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jun 5, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:1845 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2431740 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1845.json advisory
- https://access.redhat.com/security/cve/CVE-2025-13465 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-13465 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-13465 advisory
- https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61729 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 advisory
- https://go.dev/cl/725920 advisory
- https://go.dev/issue/76445 advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 advisory
- https://pkg.go.dev/vuln/GO-2025-4155 advisory