VulnerableCode Package Details - pkg:npm/lodash-amd@4.17.13

Search for packages

Vulnerability	Summary	Fixed by
VCID-jsc5-qvjm-6kek Aliases: CVE-2025-13465 GHSA-xxjr-mmjv-4gpg	Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.	4.17.23 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-jsc5-qvjm-6kek
Aliases:
CVE-2025-13465
GHSA-xxjr-mmjv-4gpg

Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions ### Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. ### Patches This issue is patched on 4.17.23.

4.17.23
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dzeb-zu9x-g3bq	Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.	CVE-2019-10744 GHSA-jf85-cpcp-j695

Vulnerability

Summary

Aliases

VCID-dzeb-zu9x-g3bq

Prototype Pollution in lodash Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution. The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

CVE-2019-10744
GHSA-jf85-cpcp-j695

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:11:42.830406+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.4.0
2026-04-16T20:56:01.667819+00:00	GitLab Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.4.0
2026-04-12T01:35:30.202128+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.3.0
2026-04-11T22:07:03.222799+00:00	GitLab Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.3.0
2026-04-03T01:44:30.265630+00:00	GitLab Importer	Affected by	VCID-jsc5-qvjm-6kek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2025-13465.yml	38.1.0
2026-04-02T22:19:50.411099+00:00	GitLab Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.1.0
2026-04-01T15:57:35.060110+00:00	GHSA Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://github.com/advisories/GHSA-jf85-cpcp-j695	38.0.0
2026-04-01T13:04:37.485134+00:00	GithubOSV Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-jf85-cpcp-j695/GHSA-jf85-cpcp-j695.json	38.0.0
2026-04-01T12:48:33.971154+00:00	GitLab Importer	Fixing	VCID-dzeb-zu9x-g3bq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/lodash-amd/CVE-2019-10744.yml	38.0.0