The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

ibm 11

atlassian 10

veracode 1

fedora 2

openvas 9

nessus 14

osv 2

redhatcve 1

nodejs 1

ubuntu 1

ubuntucve 1

cve 1

github 1

prion 1

mageia 1

debiancve 1

githubexploit 1

tenable 1

redhat 4

oracle 1

ibm

Security Bulletin: IBM App Connect Enterprise v11 is affected by vulnerabilities in Node.js (CVE-2021-23358)

2021-12-09 11:28:31

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability - Underscore.js (CVE-2021-23358)

2021-12-15 08:11:30

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to underscore vulnerability (CVE-2021-23358)

2021-07-30 05:01:48

atlassian

CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher

2021-10-21 11:57:11

Notifications: upgrade Underscore.js to 1.13.1 or higher

2022-07-04 00:07:35

UPM: upgrade Underscore.js to 1.13.1 or higher

2022-07-04 00:04:01

veracode

Arbitrary Code Execution

2021-03-30 07:34:14

fedora

[SECURITY] Fedora 33 Update: nodejs-underscore-1.13.1-1.fc33

2021-08-24 01:05:31

[SECURITY] Fedora 34 Update: nodejs-underscore-1.13.1-1.fc34

2021-08-24 03:33:12

openvas

Tenable Nessus < 10.1.0 Arbitrary Code Injection Vulnerability (TNS-2022-04)

2022-11-07 00:00:00

Mageia: Security Advisory (MGASA-2021-0269)

2022-01-28 00:00:00

Fedora: Security Advisory for nodejs-underscore (FEDORA-2021-e49f936d9f)

2021-08-26 00:00:00

nessus

Debian DLA-2613-1 : underscore security update

2021-04-01 00:00:00

Ubuntu 21.04 : Underscore vulnerability (USN-4913-2)

2021-04-28 00:00:00

Tenable Nessus 10.x < 10.1.0 / 8.x < 8.15.3 Third-Party Vulnerability (TNS-2022-04)

2022-02-03 00:00:00

osv

Arbitrary Code Execution in underscore

2021-05-06 16:09:43

CVE-2021-23358

2021-03-29 14:15:18

redhatcve

CVE-2021-23358

2021-03-29 18:02:58

nodejs

Arbitrary Code Execution

2021-05-06 16:14:45

ubuntu

Underscore vulnerability

2021-04-28 00:00:00

ubuntucve

CVE-2021-23358

2021-03-29 00:00:00

cve

CVE-2021-23358

2021-03-29 14:15:18

github

Arbitrary Code Execution in underscore

2021-05-06 16:09:43

prion

Code injection

2021-03-29 14:15:00

mageia

Updated puddletag packages fix security vulnerability

2021-06-18 22:24:28

debiancve

CVE-2021-23358

2021-03-29 14:15:18

githubexploit

Exploit for Code Injection in Underscorejs Underscore

2023-02-25 19:12:13

tenable

[R2] Tenable.sc 5.19.0 Fixes Multiple Third-party Vulnerabilities

2021-07-22 18:11:52

redhat

(RHSA-2021:2865) Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]

2021-07-22 14:06:26

(RHSA-2022:6393) Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update

2022-09-08 11:20:25

(RHSA-2021:1499) Moderate: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update

2021-05-04 14:45:35

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVELIST:CVE-2021-23358