@aaronuu/react-forms (>=0.0.1 <=0.2.2), @actra-development-oss/redux-persist-transform-filter-immutable (>=0.1.1 <=1.0.0) +773 more potentially affected by CVE-2025-13465 via lodash.unset (>=4.0.2 <=4.5.2)

lodash.unset NPM version =4.0.2, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =1.1.0, =0.0.4, =1.8.28, =1.1.0, =0.1.2, =0.0.1, =0.1.0, =0.0.1, =2.1.1 and more Source cves: CVE-2025-13465 Source advisory: SNYK:JS-LODASHUNSET-15053837...

Prototype Pollution

Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution via the .unset and .omit functions. An attacker can delete methods held in properties of global prototypes but cannot...

@aaronuu/react-forms (>=0.0.1 <=0.2.2), @actra-development-oss/redux-persist-transform-filter-immutable (>=0.1.1 <=1.0.0) +773 more potentially affected by CVE-2025-13465 via lodash.unset (>=4.0.2 <=4.5.2)

lodash.unset NPM version =4.0.2, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =1.1.0, =0.0.4, =1.8.28, =1.1.0, =0.1.2, =0.0.1, =0.1.0, =0.0.1, =2.1.1 and more Source cves: CVE-2025-13465 Source advisory: OSV:GHSA-XXJR-MMJV-4GPG...

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...

GHSA-XXJR-MMJV-4GPG Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

UBUNTU-CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

CVE-2025-13465

CVE-2025-13465 affects Lodash

CVE-2025-13465 Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

CVE-2025-13465

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

EUVD-2025-206319

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

CVE-2025-13465 Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original...

lodash security vulnerabilities

lodash is an open-source JavaScript utility library developed by Lodash Utilities. Lodash versions 4.17.22 and earlier contained security vulnerabilities. These vulnerabilities stemmed from prototype pollution in the .unset and .omit functions, which could allow attackers to delete global...

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...

CVE-2026-0622

Open5GS WebUI is affected by CVE-2026-0622: by default it uses hard-coded JWT signing keys (the string change-me) when JWT_SECRET_KEY is unset, allowing an unauthenticated network attacker to forge JWTs and gain access to protected WebUI endpoints (notably under /api/db/*). The issue arises from ...

CVE-2026-0622 Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key change-me whenever the environment variable JWTSECRETKEY is unset...