17 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior...
AZL-79320 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-4
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79313 CVE-2026-27601 affecting package boost 1.83.0-2
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79463 CVE-2026-27601 affecting package rsyslog 8.2308.0-5
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79404 CVE-2026-27601 affecting package python-sqlalchemy 1.4.32-2
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79401 CVE-2026-27601 affecting package python-sphinx 4.4.0-3
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
AZL-79427 CVE-2026-27601 affecting package numpy 1.26.3-4
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
UBUNTU-CVE-2026-27601
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...
Vulnerability fixed in Tenable Nessus
A vulnerability has been fixed in Tenable Nessus. Nessus makes uses Underscore.js, a JavaScript library. Developers of Underscore have fixed the vulnerability with reference CVE-2021-23358 fixed. This vulnerability allows an authenticated remote malicious person to execute arbitrary code by...
OESA-2021-1174 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are...
USN-4913-1: Underscore vulnerability
It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code...
UBUNTU-CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
npm underscore 代码注入漏洞
npm underscore is an application from the US-based npm Inc. a JavaScript utility library that provides support for common suspicious functions without extending any core JavaScript objects. A code injection vulnerability exists in npm underscore, which can be exploited by an attacker to easily...
PT-2021-7457
Name of the Vulnerable Software and Affected Versions underscore versions 1.3.2 through 1.12.1 underscore versions 1.13.0-0 through 1.13.0-2 Description The issue is related to the template function in the underscore library, which is used for working with arrays in JavaScript. It is caused by...
underscore
/\ ...