6 matches found

Github Security Blog
added 2021/12/03 8:37 p.m., 193 views

Withdrawn: Arbitrary code execution in lodash

Withdrawn. GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details. CVE description: "DISPUTED A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template...

3.8 AI score, 0.2241 EPSS
Exploits: 2, References: 5, Affected Software: 1
Tenable Nessus
added 2021/10/04 12:0 a.m., 839 views

Lodash < 4.17.21 Multiple Vulnerabilities

According to its self-reported version number, Lodash is prior to 4.17.21. It is, therefore, affected by multiple vulnerabilities:
- A command injection via template. CVE-2021-23337
- A regular expression denial of service via the toNumber, trim and trimEnd functions. CVE-2020-28500
Note that the...

7.2 CVSS, 7 AI score, 0.2241 EPSS
Exploits: 3, References: 4
CNNVD
added 2021/09/30 12:0 a.m., 4 views

Identifier withdrawn

Lodash is an open source JavaScript utility library. A command injection vulnerability exists in Lodash 4.17.21, which can be exploited by attackers to execute arbitrary code via a template function...

6.2 AI score
Exploits: 0
OSV
added 2021/05/06 4:5 p.m., 8 views

GHSA-35JH-R3H4-6JHM Command Injection in lodash

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...

7.2 CVSS, 6.9 AI score, 0.2241 EPSS
Exploits: 2, References: 17
Snyk
added 2020/11/17 1:2 p.m., 4 views

Code Injection

Overview: lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Code Injection due to the improper validation of options.variable key names in _.template. An attacker can execute arbitrary code at template compilation time by injecting malicious...

7.2 CVSS, 7.2 AI score, 0.2241 EPSS
Exploits: 2, References: 2
Snyk
added 2020/11/17 1:2 p.m., 8 views

Code Injection

Overview: Affected versions of this package are vulnerable to Code Injection due to the improper validation of options.variable key names in _.template. An attacker can execute arbitrary code at template compilation time by injecting malicious expressions. If Object.prototype has been polluted,...

7.2 CVSS, 7.2 AI score, 0.2241 EPSS
Exploits: 2, References: 2