openSUSE-SU-2026:20181-1

Опубликовано: 06 фев. 2026

Источник: suse-cvrf

Описание

Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues:

CVE-2025-13465: prototype pollution in the _.unset and _.omit functions can lead to deletion of methods from global prototypes (bsc#1257324).

Список пакетов

openSUSE Leap 16.0

cockpit-subscriptions-12.1-160000.2.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1257324
SUSE Bug 1257324
https://www.suse.com/security/cve/CVE-2025-13465/
SUSE CVE CVE-2025-13465 page

Описание

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

Затронутые продукты

openSUSE Leap 16.0:cockpit-subscriptions-12.1-160000.2.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-13465.html
CVE-2025-13465
https://bugzilla.suse.com/1257321
SUSE Bug 1257321

openSUSE-SU-2026:20181-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2025-13465

Описание

Затронутые продукты

Ссылки