CVE-2021-23337

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Summary:

All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.

Reference Links(if available):

  • https://snyk.io/vuln/SNYK-JS-LODASH-1040724
  • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
  • https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
  • https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
  • https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)