CNNVD-202601-3360 Information
Jan 21, 2026
cve
CNNVD ID
CNNVD-202601-3360
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
lodash是Lodash Utilities开源的一个JavaScript实用程序库。 lodash 4.17.22及之前版本存在安全漏洞,该漏洞源于_.unset和_.omit函数存在原型污染,可能导致攻击者删除全局原型的方法。
Description (English)
Lodash is a JavaScript practical library of Lodash Utilities. Lodash 4.17.22 and previous versions contain a security loophole, which stems from the presence of prototype contamination in the .unset and .omit functions, which could lead to the attackers’ methods of removing the entire prototype.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Lodash Utilities
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
Patch
https://github.com/lodash/lodash
Share on: