VDB

GCVE-110-MAGEIA-2021-269

GCVE-110-MAGEIA-2021-269
Advisory Published
Vulnetix · Advisory published June 18, 2021
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injectio via the template function, particularly when a variable property is passed as an argument as it is not sanitized (CVE-2021-23358)

Affected Products

VendorProductVersionsPlatforms
Mageiapuddletag0 (affected), 2.0.2-0.git20210523.1.mga8 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›