UBUNTU-CVE-2025-13465
- Source
- https://ubuntu.com/security/CVE-2025-13465
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-13465.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-13465
- Upstream
- Published
- 2026-01-21T20:16:00Z
- Modified
- 2026-02-19T20:22:22.938595Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P CVSS Calculator
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23
- References
Affected packages
Ubuntu:16.04:LTS
node-lodash
Package
- Name
- node-lodash
- Purl
- pkg:deb/ubuntu/node-lodash@2.4.1+dfsg-3?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS
node-lodash
Package
- Name
- node-lodash
- Purl
- pkg:deb/ubuntu/node-lodash@4.17.4+dfsg-1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS
node-lodash
Package
- Name
- node-lodash
- Purl
- pkg:deb/ubuntu/node-lodash@4.17.15+dfsg-2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS
node-lodash
Package
- Name
- node-lodash
- Purl
- pkg:deb/ubuntu/node-lodash@4.17.21+dfsg+~cs8.31.198.20210220-5?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.17.21+dfsg+~cs8.31.173-1
4.17.21+dfsg+~cs8.31.196.20210220-2
4.17.21+dfsg+~cs8.31.198.20210220-4
4.17.21+dfsg+~cs8.31.198.20210220-5
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-5",
"binary_name": "libjs-lodash"
},
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-5",
"binary_name": "node-lodash"
},
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-5",
"binary_name": "node-lodash-packages"
}
]
}Ubuntu:24.04:LTS
node-lodash
Package
- Name
- node-lodash
- Purl
- pkg:deb/ubuntu/node-lodash@4.17.21+dfsg+~cs8.31.198.20210220-9?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-9",
"binary_name": "libjs-lodash"
},
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-9",
"binary_name": "node-lodash"
},
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-9",
"binary_name": "node-lodash-packages"
}
]
}Ubuntu:25.10
node-lodash
Package
- Name
- node-lodash
- Purl
- pkg:deb/ubuntu/node-lodash@4.17.21+dfsg+~cs8.31.198.20210220-9?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-9",
"binary_name": "libjs-lodash"
},
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-9",
"binary_name": "node-lodash"
},
{
"binary_version": "4.17.21+dfsg+~cs8.31.198.20210220-9",
"binary_name": "node-lodash-packages"
}
]
}