DISPUTED A command injection vulnerability in Lodash 4.17.21 allows
attackers to achieve arbitrary code execution via the template function.
This is a different parameter, method, and version than CVE-2021-23337.
NOTE: the vendor’s position is that it’s the developer’s responsibility to
ensure that a template does not evaluate code that originates from
untrusted input.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | Upstream | noarch | node-lodash | < any | UNKNOWN |
ubuntu | 21.10 | noarch | node-lodash | < any | UNKNOWN |
ubuntu | 21.04 | noarch | node-lodash | < any | UNKNOWN |
ubuntu | 20.04 | noarch | node-lodash | < any | UNKNOWN |
ubuntu | 18.04 | noarch | node-lodash | < any | UNKNOWN |