7 matches found
OESA-2026-1578 nodejs-underscore security update
Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +29465 more potentially affected by CVE-2026-27601 via underscore (>=1.0.3 <=1.13.7)
underscore NPM version =1.0.3, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 - 0scarclassk...
Uncontrolled Recursion
Overview underscore is a JavaScript's functional programming helper library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the .flatten or .isEqual functions that are used without a depth limit. An attacker can cause the application to crash or become...
org.openprovenance.prov:service-templates (>=2.0.6 <=2.1.0), org.webjars.npm:httpntlm (=1.7.7) potentially affected by CVE-2026-27601 via org.webjars.npm:underscore (>=1.12.1 <=1.13.6)
org.webjars.npm:underscore MAVEN version =1.12.1, =2.0.6, =2.1.0 - org.webjars.npm:httpntlm =1.7.7 Source cves: CVE-2026-27601 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15369787...
SUSE CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to underscore vulnerability (CVE-2021-23358)
Summary IBM Cloud Pak for Integration is vulnerable to underscore vulnerability CVE-2021-23358 with details below. Vulnerability Details CVEID: CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Underscore vulnerability (USN-4913-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4913-1 advisory. It was discovered that Underscore incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary code...