CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf Patch Third Party Advisory
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 Broken Link
https://security.netapp.com/advisory/ntap-20210312-0006/ Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-LODASH-1040724 Exploit Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*

Configuration 2

OR cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:system_manager:9.0:*:*:*:*:*:*:*

Configuration 4

OR cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*

History

21 Nov 2024, 05:51

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf - Patch, Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf - Patch, Third Party Advisory
References () https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 - Broken Link () https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851 - Broken Link
References () https://security.netapp.com/advisory/ntap-20210312-0006/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20210312-0006/ - Third Party Advisory
References () https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929 - Exploit, Third Party Advisory
References () https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - Exploit, Third Party Advisory () https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - Exploit, Third Party Advisory
References () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory

Information

Published : 2021-02-15 13:15

Updated : 2024-11-21 05:51


NVD link : CVE-2021-23337

Mitre link : CVE-2021-23337

CVE.ORG link : CVE-2021-23337



Products Affected

oracle

  • retail_customer_management_and_segmentation_foundation
  • communications_services_gatekeeper
  • primavera_gateway
  • peoplesoft_enterprise_peopletools
  • banking_supply_chain_finance
  • banking_credit_facilities_process_management
  • financial_services_crime_and_compliance_management_studio
  • communications_session_border_controller
  • communications_cloud_native_core_binding_support_function
  • primavera_unifier
  • communications_cloud_native_core_policy
  • health_sciences_data_management_workbench
  • banking_trade_finance_process_management
  • banking_corporate_lending_process_management
  • enterprise_communications_broker
  • communications_design_studio
  • banking_extensibility_workbench
  • jd_edwards_enterpriseone_tools

siemens

  • sinec_ins

netapp

  • system_manager
  • cloud_manager
  • active_iq_unified_manager

lodash

  • lodash
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')