VDB
DEBIAN-CVE-2021-23337
DEBIAN-CVE-2021-23337
PUBLISHED
CVSS 7.199999809265137 HIGH
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Risk Scores
CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | node-lodash | 0, 0, 0 |
| Debian:13 | node-lodash | 0, 0, 0 |
| Debian:12 | node-lodash | 0, 0, 0 |
| Debian:14 | node-lodash | 0, 0, 0 |
Exploit Intelligence
- Fork of lodash.template with CVE-2021-23337 fix (command injection via variable option) (github-poc-repo)
- Fork of lodash.template with CVE-2021-23337 fix (command injection via variable option) (github-poc)
- scanner_test.go (github-poc)
- DemoReseedInfra.kt (github-poc)
- scanner_service.rs (github-poc)
- scanner_service.rs (github-poc)
- summary.html (github-poc)
- pre-recon-cve.test.ts (github-poc)
- mock-api.ts (github-poc)
- renderer-templates.test.ts (github-poc)
…and 4 more exploits
Timeline
- Feb 15, 2021 CVE Published
- Apr 28, 2026 CVE Updated