Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Lodash Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2025-13465)

Description

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

Remediation

References

Related Vulnerabilities

Moodle CVE-2024-34004 Vulnerability (CVE-2024-34004)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5471)

MySQL CVE-2019-2746 Vulnerability (CVE-2019-2746)

MySQL CVE-2019-3003 Vulnerability (CVE-2019-3003)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3664)

Severity

Medium

Classification

CVE-2025-13465 CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities