Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00859}

epss

{'score': 0.00551}


Sun, 08 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7
cpe:/a:redhat:acm:2.2::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published:

Updated: 2024-09-16T19:15:17.074Z

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23337

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-02-15T13:15:12.560

Modified: 2024-11-21T05:51:31.643

Link: CVE-2021-23337

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-02-15T00:00:00Z

Links: CVE-2021-23337 - Bugzilla

cve-icon OpenCVE Enrichment

No data.