Description
Versions of the underscore package from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
| Release | Status | Note |
|---|---|---|
| bionic | released | 1.8.3~dfsg-1ubuntu0.1 |
| devel | released | 1.9.1~dfsg-2 |
| esm-infra-legacy/trusty | released | 1.4.4-2ubuntu1+esm1 |
| esm-infra/bionic | released | 1.8.3~dfsg-1ubuntu0.1 |
| esm-infra/focal | released | 1.9.1~dfsg-1ubuntu0.20.04.1 |
| esm-infra/xenial | released | 1.7.0~dfsg-1ubuntu1.1 |
| focal | released | 1.9.1~dfsg-1ubuntu0.20.04.1 |
| groovy | released | 1.9.1~dfsg-1ubuntu0.20.10.1 |
| hirsute | released | 1.9.1~dfsg-1ubuntu0.21.04.1 |
| precise/esm | ignored | |
EPSS
CVSS2: 6.5 Medium
CVSS3: 3.3 Low