Lookup function information disclosure in Helm
The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.1.2. Impact: lookup is a Helm template function introduced in Helm v3. It is able to look up resources in the cluster to check for the existence of specific resources and get details about them. This c...
Exposure of Sensitive Information to an Unauthorized Actor
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. It is able to look up resources in the cluster to check for the existence of specific resources and get details about them. This can be us...
Command Injection
Overview: lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Recommendation: Upgrade to version 4.17.21 or later. References: CVE, GitHub Advisory, Snyk Advisory...
GHSA-CF4H-3JHX-XVHQ Arbitrary Code Execution in underscore
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
Arbitrary Code Execution in underscore
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
GHSA-35JH-R3H4-6JHM Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
OESA-2021-1174 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects (each, map, reduce, filter...) without extending any core JavaScript objects. Security Fixes: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are...
CVE-2021-23358
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
DEBIAN-CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
Code injection
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
UBUNTU-CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
CVE-2021-23358
CVE-2021-23358 concerns the Underscore.js package. Multiple connected documents confirm the vulnerability affects versions up to 1.13.0-2 and earlier than 1.13.0-2 (e.g., 1.3.2 and 1.12.1 and prior), describing Arbitrary Code Injection via the template function when a variable property is passed ...
PT-2021-7457
Name of the Vulnerable Software and Affected Versions: underscore versions 1.3.2 through 1.12.1; underscore versions 1.13.0-0 through 1.13.0-2. Description: The issue is related to the template function in the underscore library, which is used for working with arrays in JavaScript. It is caused by...
CVE-2021-23337
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...