** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVSS
No CVSS.
References
No reference.
Configurations
No configuration.
History
01 Dec 2021, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CPE | ||
| References |
|
|
| Summary | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |
| CWE |
30 Nov 2021, 21:52
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://web.archive.org/web/20211004200531/https:/github.com/lodash/lodash/issues/5261 - Exploit, Third Party Advisory |
17 Nov 2021, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
01 Oct 2021, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | ** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor's position is that it's the developer's responsibility to ensure that a template does not evaluate code that originates from untrusted input. |
01 Oct 2021, 00:07
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:lodash:lodash:4.17.21:*:*:*:*:node.js:*:* | |
| CWE | CWE-77 | |
| References | (MISC) https://github.com/lodash/lodash/issues/5261 - Exploit, Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
30 Sep 2021, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-09-30 14:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-41720
Mitre link : CVE-2021-41720
CVE.ORG link : CVE-2021-41720
JSON object : View
Products Affected
No product.
CWE
No CWE.