vulnerability
Oracle Linux: CVE-2025-13465: ELSA-2026-2438: pcs security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:P/A:C) | Jan 21, 2026 | Feb 12, 2026 | Feb 24, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:C)
Published
Jan 21, 2026
Added
Feb 12, 2026
Modified
Feb 24, 2026
Description
Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.
The issue permits deletion of properties but does not allow overwriting their original behavior.
This issue is patched on 4.17.23
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
The issue permits deletion of properties but does not allow overwriting their original behavior.
This issue is patched on 4.17.23
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
Solutions
oracle-linux-upgrade-cockpit-ha-clusteroracle-linux-upgrade-pcsoracle-linux-upgrade-pcs-snmp
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.