6 matches found
Withdrawn: Arbitrary code execution in lodash
Withdrawn: GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details. CVE description: "DISPUTED: A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template...
Lodash < 4.17.21 Multiple Vulnerabilities
According to its self-reported version number, Lodash is prior to 4.17.21. It is, therefore, affected by multiple vulnerabilities: - A command injection via template. CVE-2021-23337 - A regular expression denial of service via the toNumber, trim and trimEnd functions. CVE-2020-28500 Note that the...
Identifier Withdrawn
Lodash is an open source JavaScript utility library. A command injection vulnerability exists in Lodash 4.17.21, which can be exploited by attackers to execute arbitrary code via a template function...
GHSA-35JH-R3H4-6JHM Command Injection in lodash
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
Code Injection
Overview: lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Code Injection due to the improper validation of options.variable key names in _.template. An attacker can execute arbitrary code at template compilation time by injecting malicious...
Code Injection
Overview: Affected versions of this package are vulnerable to Code Injection due to the improper validation of options.variable key names in _.template. An attacker can execute arbitrary code at template compilation time by injecting malicious expressions. If Object.prototype has been polluted,...