[MEDIUM] Lodash Has Prototype Pollution Vulnerability In `_.unset` And `_.omit` Functions
4 days ago: lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause lodash to delete methods from.

Apr 17, 2022: Impact: lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause lodash to delete.

3 days ago: Overview: lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to prototype pollution via the _.unset and.

4 days ago: A prototype pollution vulnerability in the ubiquitous lodash library allows attackers to delete critical properties from the global object prototype. Unlike traditional pollution which injects malicious.

4 days ago: The vulnerability in lodash arises from the _.unset and _.omit functions in versions 4.0.0 through 4.17.22. Prototype pollution occurs when user input is used to modify the prototype of base.

2 days ago: A prototype pollution vulnerability CVE-2025-13465 exists in multiple releases of the widely used lodash JavaScript utility library, affecting versions from up through across core packages such.

The vulnerability is a classic prototype pollution issue in the lodash library, specifically within the _.unset and _.omit functions. The root cause lies in the internal baseUnset function, which is responsible for.