{"url":"http://public2.vulnerablecode.io/api/packages/73535?format=json","purl":"pkg:npm/lodash-es@4.17.23","type":"npm","namespace":"","name":"lodash-es","version":"4.17.23","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49774?format=json","vulnerability_id":"VCID-4up5-csax-tuax","summary":"Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions\nLodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the `_.unset` and `_.omit` functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.","references":[{"reference_url":"https://github.com/lodash/lodash","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/lodash/lodash"},{"reference_url":"https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13465","reference_id":"CVE-2025-13465","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-13465"},{"reference_url":"https://github.com/advisories/GHSA-xxjr-mmjv-4gpg","reference_id":"GHSA-xxjr-mmjv-4gpg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xxjr-mmjv-4gpg"},{"reference_url":"https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg","reference_id":"GHSA-xxjr-mmjv-4gpg","reference_type":"","scores":[],"url":"https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73535?format=json","purl":"pkg:npm/lodash-es@4.17.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.23"}],"aliases":["CVE-2025-13465","GHSA-xxjr-mmjv-4gpg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4up5-csax-tuax"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/lodash-es@4.17.23"}