10 matches found

SUSE CVE
added 2026/04/28 1:45 a.m., 6 views

SUSE CVE-2026-4800

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVSS 9.8, AI score 5.9, EPSS 0.01735
Exploits 0, References 4

OSV
added 2026/04/01 11:51 p.m., 5 views

GHSA-R5FR-RJXR-66JC lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes untrusted input as options.imports key names, an attacker...

CVSS 8.1, AI score 6.2, EPSS 0.01735
Exploits 0, References 6

EUVD
added 2026/04/01 11:51 p.m., 7 views

EUVD-2026-17610

lodash vulnerable to Code Injection via `_.template` imports key names...

CVSS 8.1, AI score 7.3, EPSS 0.01735
Exploits 0, References 5

Github Security Blog
added 2026/04/01 11:51 p.m., 165 views

lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes untrusted input as options.imports key names, an attacker...

CVSS 9.8, AI score 6.1, EPSS 0.01735
Exploits 0, References 6, Affected Software 4

UbuntuCve
added 2026/03/31 8:16 p.m., 3 views

CVE-2026-4800

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVSS 9.8, AI score 7.2, EPSS 0.2241
Exploits 2, References 4

OSV
added 2026/03/31 8:16 p.m., 3 views

UBUNTU-CVE-2026-4800

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVSS 9.8, AI score 6.1, EPSS 0.01735
Exploits 0, References 6

Vulnrichment
added 2026/03/31 7:25 p.m., 2 views

CVE-2026-4800 lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVSS 8.1, AI score 7.1, EPSS 0.01735
Exploits 0, References 3

Cvelist
added 2026/03/31 7:25 p.m., 28 views

CVE-2026-4800 lodash vulnerable to Code Injection via `_.template` imports key names

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVSS 8.1, EPSS 0.01735
Exploits 0, References 3

Debian CVE
added 2026/03/31 7:25 p.m., 4 views

CVE-2026-4800

Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in `_.template` but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. When an application passes...

CVSS 9.8, AI score 5.9, EPSS 0.01735
Exploits 0

Positive Technologies
added 2026/03/31 12:0 a.m., 5 views

PT-2026-29336

Name of the Vulnerable Software and Affected Versions: lodash versions prior to 4.18.0

Description: The software contains a flaw related to template compilation. Specifically, insufficient validation of key names within the options.imports object used by the `_.template` function can allow an attacker...

CVSS 9.8, AI score 5.9, EPSS 0.01735
Exploits 0, References 359