CVE-2021-23358
npm/underscore
Code Injection
The underscore package is are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
All versions starting from 1.3.2 before 1.12.1, all versions starting from 1.13.0-0 before 1.13.0-2
Upgrade to versions 1.12.1, 1.13.1 or above.
2021-05-03
source |