GHSA-35jh-r3h4-6jhm

Source
https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-35jh-r3h4-6jhm/GHSA-35jh-r3h4-6jhm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-35jh-r3h4-6jhm
Aliases
  • CVE-2021-23337
  • SNYK-JAVA-ORGFUJIONWEBJARS-1074932
  • SNYK-JAVA-ORGWEBJARS-1074930
  • SNYK-JAVA-ORGWEBJARSBOWER-1074928
  • SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
  • SNYK-JAVA-ORGWEBJARSNPM-1074929
  • SNYK-JS-LODASH-1040724
Published
2021-05-06T16:05:51Z
Modified
2024-04-17T18:39:17Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in lodash
Details

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Affected packages

npm / lodash

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.17.21

Ecosystem specific

{
    "affected_functions": [
        "(lodash).template"
    ]
}

npm / lodash-es

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.17.21

Ecosystem specific

{
    "affected_functions": [
        "(lodash-es).template"
    ]
}

npm / lodash.template

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
4.5.0

Ecosystem specific

{
    "affected_functions": [
        "(lodash.template)"
    ]
}

npm / lodash-template

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
1.0.0

Ecosystem specific

{
    "affected_functions": [
        "(lodash-template)"
    ]
}