lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
lodash
{ "affected_functions": [ "(lodash).template" ] }
{ "affected_functions": [ "(lodash-es).template" ] }
{ "affected_functions": [ "(lodash.template)" ] }
{ "affected_functions": [ "(lodash-template)" ] }