📂 Vulnerable Library - postcss-preset-env-6.7.0.tgz
Convert modern CSS into something browsers understand
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-23337 | 🔴 High | 7.3 | Proof of concept | < 1% | lodash.template-4.5.0.tgz | Transitive | N/A | ❌ | |
Details
🔴 CVE-2021-23337
Vulnerable Library - lodash.template-4.5.0.tgz
The Lodash method _.template exported as a module.
Library home page: https://registry.npmjs.org/lodash.template/-/lodash.template-4.5.0.tgz
Dependency Hierarchy:
- postcss-preset-env-6.7.0.tgz (Root Library)
  - postcss-initial-3.0.2.tgz
    - ❌ lodash.template-4.5.0.tgz (Vulnerable Library)
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: Feb 15, 2021 12:15 PM
URL: CVE-2021-23337
Threat Assessment
Exploit Maturity: Proof of concept
EPSS: < 1%
Score: 7.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: Feb 15, 2021 12:15 PM
Fix Resolution: lodash - 4.17.21, lodash-es - 4.17.21