Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2021-02-15 13:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-23337
Mitre link : CVE-2021-23337
CVE.ORG link : CVE-2021-23337
JSON object : View
Products Affected
netapp
- system_manager
- active_iq_unified_manager
- cloud_manager
oracle
- banking_corporate_lending_process_management
- primavera_gateway
- primavera_unifier
- retail_customer_management_and_segmentation_foundation
- banking_trade_finance_process_management
- banking_credit_facilities_process_management
- banking_supply_chain_finance
- enterprise_communications_broker
- health_sciences_data_management_workbench
- peoplesoft_enterprise_peopletools
- banking_extensibility_workbench
- jd_edwards_enterpriseone_tools
- communications_services_gatekeeper
- communications_session_border_controller
- financial_services_crime_and_compliance_management_studio
- communications_cloud_native_core_binding_support_function
- communications_design_studio
- communications_cloud_native_core_policy
siemens
- sinec_ins
lodash
- lodash
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')