Lucene search
Ubuntu.comUB:CVE-2021-41720HistorySep 30, 2021 - 12:00 a.m.
CVE-2021-41720
2021-09-3000:00:00
ubuntu.com
ubuntu.com
16
DISPUTED A command injection vulnerability in Lodash 4.17.21 allows
attackers to achieve arbitrary code execution via the template function.
This is a different parameter, method, and version than CVE-2021-23337.
NOTE: the vendor’s position is that it’s the developer’s responsibility to
ensure that a template does not evaluate code that originates from
untrusted input.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | Upstream | noarch | node-lodash | < any | UNKNOWN |
| ubuntu | 21.10 | noarch | node-lodash | < any | UNKNOWN |
| ubuntu | 21.04 | noarch | node-lodash | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | node-lodash | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | node-lodash | < any | UNKNOWN |
Related
debiancve
debiancve
CVE-2021-41720
2021-09-27 00:00:00
cve
cve
CVE-2021-41720
2021-09-30 14:15:00
cnvd
cnvd
Lodash command injection vulnerability
2021-10-14 00:00:00
github
github
Withdrawn: Arbitrary code execution in lodash
2021-12-03 20:37:32
Related for UB:CVE-2021-41720