Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
13 Sep 2022, 21:25
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:* |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
References |
|
04 Apr 2022, 13:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Dec 2021, 20:52
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:system_manager:9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* |
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-02-15 13:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-23337
Mitre link : CVE-2021-23337
CVE.ORG link : CVE-2021-23337
JSON object : View
Products Affected
lodash
- lodash
oracle
- primavera_unifier
- banking_trade_finance_process_management
- financial_services_crime_and_compliance_management_studio
- banking_corporate_lending_process_management
- health_sciences_data_management_workbench
- banking_credit_facilities_process_management
- primavera_gateway
- retail_customer_management_and_segmentation_foundation
- banking_supply_chain_finance
- communications_cloud_native_core_binding_support_function
- communications_services_gatekeeper
- jd_edwards_enterpriseone_tools
- communications_design_studio
- peoplesoft_enterprise_peopletools
- enterprise_communications_broker
- banking_extensibility_workbench
- communications_cloud_native_core_policy
- communications_session_border_controller
netapp
- cloud_manager
- active_iq_unified_manager
- system_manager
siemens
- sinec_ins
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')