📂 Vulnerable Library - lodash.template-4.5.0.tgz
The Lodash method _.template exported as a module.
Path to dependency file: /script/package.json
Findings
| Finding | Severity | 🎯 CVSS | Exploit Maturity | EPSS | Library | Type | Fixed in | Remediation Available | Reachability |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-23337 | 🔴 High | 7.3 | Proof of concept | < 1% | lodash.template-4.5.0.tgz | Direct | lodash - 4.17.21, lodash-es - 4.17.21 | ✅ | |
Details
🔴CVE-2021-23337
Vulnerable Library - lodash.template-4.5.0.tgz
The Lodash method _.template exported as a module.
Library home page: https://registry.npmjs.org/lodash.template/-/lodash.template-4.5.0.tgz
Path to dependency file: /script/package.json
Dependency Hierarchy:
electron-winstaller-0.0.1.tgz (Root Library)
❌ lodash.template-4.5.0.tgz (Vulnerable Library)
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: Feb 15, 2021 12:15 PM
URL: CVE-2021-23337
Threat Assessment
Exploit Maturity: Proof of concept
EPSS: < 1%
Score: 7.3
Suggested Fix
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: Feb 15, 2021 12:15 PM
Fix Resolution: lodash - 4.17.21, lodash-es - 4.17.21