VDB

RHSA-2026%3A2147

RHSA-2026%3A2147 PUBLISHED CVSS 8.199999809265137 HIGH

A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.

Risk Scores

CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products

VendorProductVersions
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64 as a component of Red Hat OpenShift Service Mesh 3*, *, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x as a component of Red Hat OpenShift Service Mesh 3*, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64 as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64, *, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64 as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64, *
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64 as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le as a component of Red Hat OpenShift Service Mesh 3*, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le, *
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64 as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64, *
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x, *, *
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64 as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x as a component of Red Hat OpenShift Service Mesh 3*, *, *
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64 as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64, *
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le, *, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x as a component of Red Hat OpenShift Service Mesh 3registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x, registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x
Red Hatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64 as a component of Red Hat OpenShift Service Mesh 3*, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64, registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64

Timeline

  • Feb 5, 2026 CVE Published
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • May 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›