VDB
RHSA-2026%3A2145
RHSA-2026%3A2145
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:4e910b08863756516707f2ad8198c04dc6d706c78f481561a3b2e896800d4dbe_amd64 as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:4e910b08863756516707f2ad8198c04dc6d706c78f481561a3b2e896800d4dbe_amd64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:4e910b08863756516707f2ad8198c04dc6d706c78f481561a3b2e896800d4dbe_amd64, * |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ee28a1278a21783acbda367a8f10d51dd81a7f4af5dcba64c1d58402bac0b43d_s390x as a component of Red Hat OpenShift Service Mesh 2.6 | *, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ee28a1278a21783acbda367a8f10d51dd81a7f4af5dcba64c1d58402bac0b43d_s390x, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:ee28a1278a21783acbda367a8f10d51dd81a7f4af5dcba64c1d58402bac0b43d_s390x |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:6851b4cf7f6da95b614431535c7c0c744dc441ff4abf9aaa203b46d652a529b9_arm64 as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:6851b4cf7f6da95b614431535c7c0c744dc441ff4abf9aaa203b46d652a529b9_arm64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:6851b4cf7f6da95b614431535c7c0c744dc441ff4abf9aaa203b46d652a529b9_arm64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:6851b4cf7f6da95b614431535c7c0c744dc441ff4abf9aaa203b46d652a529b9_arm64 |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ad1449f9047107c23d5b0e53c3ca148a12a9729dd7aa474c5eadb55870f314fa_arm64 as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ad1449f9047107c23d5b0e53c3ca148a12a9729dd7aa474c5eadb55870f314fa_arm64, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ad1449f9047107c23d5b0e53c3ca148a12a9729dd7aa474c5eadb55870f314fa_arm64, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:ad1449f9047107c23d5b0e53c3ca148a12a9729dd7aa474c5eadb55870f314fa_arm64 |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:9a867a9efe090c85cb5cd198e82663d87b1bc29061420def8cfe119c45c025fc_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:9a867a9efe090c85cb5cd198e82663d87b1bc29061420def8cfe119c45c025fc_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:9a867a9efe090c85cb5cd198e82663d87b1bc29061420def8cfe119c45c025fc_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:9a867a9efe090c85cb5cd198e82663d87b1bc29061420def8cfe119c45c025fc_ppc64le |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:f7701158e0b0c3b0091d30be1dfe2fba73386160536929025504e903cf8c8bd9_amd64 as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:f7701158e0b0c3b0091d30be1dfe2fba73386160536929025504e903cf8c8bd9_amd64, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:f7701158e0b0c3b0091d30be1dfe2fba73386160536929025504e903cf8c8bd9_amd64, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:f7701158e0b0c3b0091d30be1dfe2fba73386160536929025504e903cf8c8bd9_amd64 |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:edc436424d55e4f8e0765ac59a4b2dcbd38dce49532db0bd917ca5b3c4526fac_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:edc436424d55e4f8e0765ac59a4b2dcbd38dce49532db0bd917ca5b3c4526fac_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:edc436424d55e4f8e0765ac59a4b2dcbd38dce49532db0bd917ca5b3c4526fac_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:edc436424d55e4f8e0765ac59a4b2dcbd38dce49532db0bd917ca5b3c4526fac_ppc64le |
| Red Hat | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:d16be0b09ee231bda769ddb16cb781e2a0fefca42243ada15c8c176d5ba711a8_s390x as a component of Red Hat OpenShift Service Mesh 2.6 | registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:d16be0b09ee231bda769ddb16cb781e2a0fefca42243ada15c8c176d5ba711a8_s390x, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:d16be0b09ee231bda769ddb16cb781e2a0fefca42243ada15c8c176d5ba711a8_s390x, registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:d16be0b09ee231bda769ddb16cb781e2a0fefca42243ada15c8c176d5ba711a8_s390x |
Timeline
- Feb 5, 2026 CVE Published
- May 5, 2026 Distribution Patch
- May 5, 2026 Distribution Patch
- May 5, 2026 Security Advisory
- May 5, 2026 Security Advisory
- May 5, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2145 advisory
- https://access.redhat.com/security/cve/CVE-2025-13465 advisory
- https://access.redhat.com/security/cve/CVE-2025-15284 advisory
- https://access.redhat.com/security/cve/cve-2025-13465 advisory
- https://access.redhat.com/security/cve/cve-2025-15284 advisory
- https://access.redhat.com/security/updates/classification advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2145.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2431740 issue
- https://www.cve.org/CVERecord?id=CVE-2025-13465 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-13465 advisory
- https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2425946 issue
- https://www.cve.org/CVERecord?id=CVE-2025-15284 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-15284 advisory
- https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9 advisory
- https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p advisory