CVE-2021-23337

February 26, 2021

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Summary:

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Reference Links(if available):

  • https://snyk.io/vuln/SNYK-JS-LODASH-1040724
  • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
  • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
  • https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
  • https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851

    • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image

    [RHYSIDA] – Ransomware Victim: American Addiction Centers

    November 16, 2024
    image

    [LYNX] – Ransomware Victim: Grupo_Trisan

    November 16, 2024
    brute ratel c4

    Brute Ratel C4 Detected – 52[.]193[.]97[.]60:80

    November 16, 2024
    CISA Logo

    CISA: CISA Releases One Industrial Control Systems Advisory

    November 16, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    November 16, 2024