Lucene search
+L

3 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:15 p.m.7 views

Security Bulletin: Lodash Prototype Pollution Bypass in _.unset and _.omit via Array Path Segments

Summary Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

8.2CVSS7.1AI score0.01535EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/11 12:49 a.m.3 views

lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass

A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the .unset and .omit functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototype...

6.5CVSS6.5AI score0.00317EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 7:18 p.m.2 views

CVE-2026-2950 lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS6.7AI score0.01535EPSS
Exploits0References3
Rows per page
Query Builder