CVE-2021-23337

HIGH7.2EPSS 4.3%

Command Injection in lodash

發布日:2021/5/6修改日:2025/8/12

也稱為:GHSA-35jh-r3h4-6jhm

描述

`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

受影響套件(6)

Debian/node-lodashfrom 0, < 4.17.21+dfsg+~cs8.31.173-1
npm/lodashfrom 0, < 4.17.21
npm/lodash-esfrom 0, < 4.17.21
npm/lodash-templatefrom 0, <= 1.0.0
npm/lodash.templatefrom 0, <= 4.5.0
RubyGems/lodash-railsfrom 0, < 4.17.21

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(18)