CVE-2021-23337 (High) detected in lodash-4.17.20.tgz #33
Comments
|
👋 Thanks for reporting! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
CVE-2021-23337 - High Severity Vulnerability
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: github-action-branch-mapper/package.json
Path to vulnerable library: github-action-branch-mapper/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 7e1d72ad0f3f34fedd13594e682e6fe117be1e58
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: