CVE-2021-23337

ADVISORY - github

Summary

lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

EPSS Score⁠: 0.00859 (0.740)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - github

CWE-77⁠

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-77⁠

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - redhat

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacted images

Advisories

NIST

CREATED

4 years ago

UPDATED

7 months ago

ADVISORY IDCVE-2021-23337⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

7.2high

GitHub

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-35jh-r3h4-6jhm⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-77⁠CWE-94⁠

CVSS SCORE

7.2high

Debian

CREATED

4 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2021-23337⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

4 years ago

UPDATED

25 days ago

ADVISORY IDCVE-2021-23337⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.2medium

GitLab

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY ID

CVE-2021-23337

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-77⁠CWE-937⁠CWE-94⁠

CVSS SCORE

7.2high

Red Hat

CREATED

4 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2021-23337⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-78⁠

CVSS SCORE

7.2medium

intheWild

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2021-23337⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY