The Lab · 2026-04-08 00:26:56 · GitHub Issues
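In the `close-now-angular` front-end code of the `closenow.ai` project, a key security scanner found a medium-severity vulnerability. Version 4.17.21 of the `lodash-es` library, which the project depends on, has a publicly disclosed prototype pollution vulnerability (CVE-2025-13465). The vulnerability allows an attacker to use carefully crafted path arguments with the `_.unset` and `_.omit` functions to delete properties or methods from global prototypes (such as `Object.prototype`). Although the vulnerability does not let an attacker overwrite or tamper with the original behavior of these methods, deleting key prototype methods can still undermine application stability or cause unexpected behavior.
The vulnerability affects the `lodash` and `lodash-es` libraries, versions 4.0.0 through 4.17.22...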
The Lab · 2026-04-15 01:22:41 · GitHub Issues
A critical security vulnerability has been disclosed in the widely-used JavaScript utility library Lodash, affecting versions 4.0.0 through 4.17.22. The flaw, tracked as CVE-2025-13465, resides in the `_.unset` and `_.omit` functions and enables prototype pollution. This allows an attacker to pass specially crafted pat...
The Lab · 2026-05-12 07:48:27 · GitHub Issues
A critical prototype pollution vulnerability has been identified in Lodash, prompting an urgent dependency update to version 4.18.1. The flaw, tracked as CVE-2025-13465, affects all versions from 4.0.0 through 4.17.22 and specifically targets the `_.unset` and `_.omit` utility functions widely used in JavaScript applic...