CVE-2021-23358

Summary

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

Affected Software

VendorProductVersion RangeStatus
n/aunderscore1.13.0-0 < unspecifiedaffected
n/aunderscoreunspecified < 1.13.0-2affected
n/aunderscore1.3.2 < unspecifiedaffected
n/aunderscoreunspecified < 1.12.1affected

Weaknesses

  • Arbitrary Code Injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References