CVE-2021-23358

Code Injection in npm/underscore

Identifier

CVE-2021-23358

Package Slug

npm/underscore

Vulnerability

Code Injection

Description

The package underscore is vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.

Affected Versions

All versions starting from 1.3.2 before 1.12.1, all versions starting from 1.13.0 before 1.13.1

Solution

Upgrade to versions 1.12.1, 1.13.1 or above.
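
To check a project against the ranges above, the following added example (not part of the advisory or of underscore itself) scans a parsed package-lock.json for every installed copy of underscore and flags those in an affected range. The function names and the sample lockfile are constructed for illustration, and prerelease tags are ignored when comparing versions.

```javascript
// Affected ranges as stated in the advisory: [1.3.2, 1.12.1) and [1.13.0, 1.13.1).
const AFFECTED = [["1.3.2", "1.12.1"], ["1.13.0", "1.13.1"]];

// Numeric major.minor.patch only; a prerelease tag is ignored (simplification).
function core(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  const x = core(a), y = core(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  return AFFECTED.some(([lo, hi]) => cmp(version, lo) >= 0 && cmp(version, hi) < 0);
}

// Collect every installed underscore copy from a parsed package-lock.json.
function findUnderscore(lock) {
  const found = new Map(); // install path -> version
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/underscore$/.test(path)) found.set(path, info.version);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, prefix) {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "underscore") found.set(path, info.version);
      walk(info.dependencies, `${path}/`);
    }
  })(lock.dependencies, "");
  return [...found].map(([path, version]) => ({ path, version, affected: isAffected(version) }));
}

// Constructed sample lockfile (not taken from the advisory).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "node_modules/underscore": { version: "1.13.1" },
    "node_modules/legacy-lib/node_modules/underscore": { version: "1.9.1" },
  },
};

findUnderscore(SAMPLE_LOCK).forEach(h => console.log(`${h.path}@${h.version}: ${h.affected ? "AFFECTED" : "ok"}`));
```

Nested copies pulled in by transitive dependencies are reported separately, since upgrading the top-level dependency does not replace them.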

Last Modified

2021-05-03
