Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 1:18 p.m.12 views

lodash: lodash: Arbitrary code execution via untrusted input in template imports

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

9.8CVSS6.1AI score0.01735EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/31 11:2 p.m.6 views

Arbitrary Code Injection

Overview lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious...

9.8CVSS7.5AI score0.2241EPSS
Exploits2References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.10 views

Arbitrary Code Injection

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting...

9.8CVSS6.2AI score0.2241EPSS
Exploits2References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.3 views

Arbitrary Code Injection

Overview org.webjars.npm:lodash.template is a The Lodash method .template exported as a Node.js module. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at...

9.8CVSS7.1AI score0.2241EPSS
Exploits2References2
Snyk
Snyk
added 2026/03/31 11:2 p.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious expressions. If Object.prototype has been pollute...

9.8CVSS7.5AI score0.2241EPSS
Exploits2References2
Rows per page
Query Builder