VDB
RHSA-2026%3A2990
RHSA-2026%3A2990
PUBLISHED
CVSS 8.199999809265137 HIGH
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/openshift4/ose-ironic-rhel9@sha256:9dd169e3a46ae8eaf47028070e752a308cec0418f8102dbedadd4210b867e706_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-ironic-rhel9@sha256:9dd169e3a46ae8eaf47028070e752a308cec0418f8102dbedadd4210b867e706_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-alertmanager@sha256:39d2eed706008f5ebb0d2baa19ebaeb77ded4e0de4ce28e0232f614f8df18c5b_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-prometheus-alertmanager@sha256:39d2eed706008f5ebb0d2baa19ebaeb77ded4e0de4ce28e0232f614f8df18c5b_s390x, registry.redhat.io/openshift4/ose-prometheus-alertmanager@sha256:39d2eed706008f5ebb0d2baa19ebaeb77ded4e0de4ce28e0232f614f8df18c5b_s390x, * |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-policy-controller-rhel8@sha256:80b3c3854d4f22afec57e0a7cb04b0c98d58cd104c54464306126566edc3ce97_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-cluster-policy-controller-rhel8@sha256:80b3c3854d4f22afec57e0a7cb04b0c98d58cd104c54464306126566edc3ce97_ppc64le, registry.redhat.io/openshift4/ose-cluster-policy-controller-rhel8@sha256:80b3c3854d4f22afec57e0a7cb04b0c98d58cd104c54464306126566edc3ce97_ppc64le, registry.redhat.io/openshift4/ose-cluster-policy-controller-rhel8@sha256:80b3c3854d4f22afec57e0a7cb04b0c98d58cd104c54464306126566edc3ce97_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-network-metrics-daemon-rhel8@sha256:85d787413a3e60a0064132f45a19fdb810082bd401429e8248ff4df750bdad12_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-network-metrics-daemon-rhel8@sha256:85d787413a3e60a0064132f45a19fdb810082bd401429e8248ff4df750bdad12_amd64, registry.redhat.io/openshift4/ose-network-metrics-daemon-rhel8@sha256:85d787413a3e60a0064132f45a19fdb810082bd401429e8248ff4df750bdad12_amd64, registry.redhat.io/openshift4/ose-network-metrics-daemon-rhel8@sha256:85d787413a3e60a0064132f45a19fdb810082bd401429e8248ff4df750bdad12_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-cluster-api-rhel8-operator@sha256:2086865a8c3f61d47894fc5a683ea22349599b82c6e5f7b5475c5b50b42bcf89_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-prom-label-proxy@sha256:3be8282baee49a9fdcea455723d5fd12ed820ea578af9deb23171ab09156c9e7_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-prom-label-proxy@sha256:3be8282baee49a9fdcea455723d5fd12ed820ea578af9deb23171ab09156c9e7_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-oauth-server-rhel8@sha256:48d371c93bb28c4282f540750b91ac299178ee320a79178b28ef77d294cc2452_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-oauth-server-rhel8@sha256:48d371c93bb28c4282f540750b91ac299178ee320a79178b28ef77d294cc2452_arm64, registry.redhat.io/openshift4/ose-oauth-server-rhel8@sha256:48d371c93bb28c4282f540750b91ac299178ee320a79178b28ef77d294cc2452_arm64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel8@sha256:61dcb1b12d90c58eb1095cedd0f8d050b1f61e68d3bc05037e8e94c274bcd855_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel8@sha256:61dcb1b12d90c58eb1095cedd0f8d050b1f61e68d3bc05037e8e94c274bcd855_s390x, registry.redhat.io/openshift4/ose-csi-node-driver-registrar-rhel8@sha256:61dcb1b12d90c58eb1095cedd0f8d050b1f61e68d3bc05037e8e94c274bcd855_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-sdn-rhel8@sha256:ad34ac62efbe8c297baa00f75a7fbbc87d1fe9d29563811d723f0f10f8174366_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | * |
| Red Hat | registry.redhat.io/openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:08a79a55c753372a11f38e7573bfc6a930e21cfd4cf78a583b298c2955fd76b3_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:08a79a55c753372a11f38e7573bfc6a930e21cfd4cf78a583b298c2955fd76b3_amd64, registry.redhat.io/openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:08a79a55c753372a11f38e7573bfc6a930e21cfd4cf78a583b298c2955fd76b3_amd64, registry.redhat.io/openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:08a79a55c753372a11f38e7573bfc6a930e21cfd4cf78a583b298c2955fd76b3_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cli@sha256:01fcc59502a374f19532397c5c6ff43d2d308510f11189f19f75aa2944a04e23_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-cli@sha256:01fcc59502a374f19532397c5c6ff43d2d308510f11189f19f75aa2944a04e23_ppc64le, registry.redhat.io/openshift4/ose-cli@sha256:01fcc59502a374f19532397c5c6ff43d2d308510f11189f19f75aa2944a04e23_ppc64le, registry.redhat.io/openshift4/ose-cli@sha256:01fcc59502a374f19532397c5c6ff43d2d308510f11189f19f75aa2944a04e23_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-olm-operator-controller-rhel8@sha256:26baac061161143b4960d00cdc53adbe77aa5fa52b415b3ae3de1cacb18a5634_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-olm-operator-controller-rhel8@sha256:26baac061161143b4960d00cdc53adbe77aa5fa52b415b3ae3de1cacb18a5634_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-csi-external-resizer-rhel8@sha256:5d9fa9b4f15954cca4a5c46f00840bd1047151f89e77da0c4250b673011fb6e0_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-csi-external-resizer-rhel8@sha256:5d9fa9b4f15954cca4a5c46f00840bd1047151f89e77da0c4250b673011fb6e0_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-prometheus-node-exporter@sha256:6bef60acc457405d245a8d7b17335ef424ab68962255fd1bc0ee5c87b73b9ed7_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-prometheus-node-exporter@sha256:6bef60acc457405d245a8d7b17335ef424ab68962255fd1bc0ee5c87b73b9ed7_s390x |
| Red Hat | registry.redhat.io/openshift4/ose-image-customization-controller-rhel8@sha256:ce2d048651c8b159bfe370425e5bead6a0873253ddbd6d6497ff429369798968_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-image-customization-controller-rhel8@sha256:ce2d048651c8b159bfe370425e5bead6a0873253ddbd6d6497ff429369798968_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:28f0ab10c245d632ac282c48d3a81d371591a814a5bf553908bb14a43d0eab74_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:28f0ab10c245d632ac282c48d3a81d371591a814a5bf553908bb14a43d0eab74_amd64, registry.redhat.io/openshift4/ose-agent-installer-utils-rhel9@sha256:28f0ab10c245d632ac282c48d3a81d371591a814a5bf553908bb14a43d0eab74_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:8c1090b8e0ba9e071f41d66068bc8aa4271251192889a767594e0c5d836a9d40_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:8c1090b8e0ba9e071f41d66068bc8aa4271251192889a767594e0c5d836a9d40_ppc64le, *, registry.redhat.io/openshift4/ose-cluster-kube-storage-version-migrator-rhel8-operator@sha256:8c1090b8e0ba9e071f41d66068bc8aa4271251192889a767594e0c5d836a9d40_ppc64le |
| Red Hat | registry.redhat.io/openshift4/ose-azure-workload-identity-webhook-rhel8@sha256:780dd4ebd061e9ae7f72f7d1964caeafaf1ed5bd0870576d8e81022ff5bb019d_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-azure-workload-identity-webhook-rhel8@sha256:780dd4ebd061e9ae7f72f7d1964caeafaf1ed5bd0870576d8e81022ff5bb019d_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-thanos-rhel8@sha256:2d6037ca2e1cfa58511058b4555e6f65f1eb66f80b0e0d78110076bcbfaa5a0a_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, registry.redhat.io/openshift4/ose-thanos-rhel8@sha256:2d6037ca2e1cfa58511058b4555e6f65f1eb66f80b0e0d78110076bcbfaa5a0a_amd64, registry.redhat.io/openshift4/ose-thanos-rhel8@sha256:2d6037ca2e1cfa58511058b4555e6f65f1eb66f80b0e0d78110076bcbfaa5a0a_amd64 |
| Red Hat | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:c01fce15d9f6b9a9a52b8ccfbde4b8a7aa1b969d7927430eedd169c0b5f28113_s390x as a component of Red Hat OpenShift Container Platform 4.14 | registry.redhat.io/openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:c01fce15d9f6b9a9a52b8ccfbde4b8a7aa1b969d7927430eedd169c0b5f28113_s390x |
…and 1330 more
Timeline
- Feb 26, 2026 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 13, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2990 advisory
- https://access.redhat.com/security/cve/CVE-2025-13465 advisory
- https://access.redhat.com/security/cve/CVE-2025-58068 advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2990.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2431740 issue
- https://www.cve.org/CVERecord?id=CVE-2025-13465 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-13465 advisory
- https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2391958 issue
- https://www.cve.org/CVERecord?id=CVE-2025-58068 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-58068 advisory
- https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb advisory
- https://github.com/eventlet/eventlet/pull/1062 advisory
- https://github.com/eventlet/eventlet/security/advisories/GHSA-hw6f-rjfj-j7j7 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 issue
- https://www.cve.org/CVERecord?id=CVE-2025-65637 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 advisory
- https://github.com/mjuanxd/logrus-dos-poc exploit
…and 7 more