CVE-2021-23337

CVSSv4: NA | CVSSv3: 7.2 | CVSSv2: 6.5 | VMScore: 820 | EPSS: 0.00859 | KEV: Not Included
Published: 15/02/2021 Updated: 21/11/2024

Vulnerability Summary

Lodash versions before 4.17.21 are vulnerable to Command Injection via the template function. The `variable` option of `_.template` is spliced, unvalidated, into the JavaScript source of the generated template function, so a caller who controls that option can close the parameter list and supply arbitrary code that runs in the host process (CWE-94 code injection; NVD titles it command injection). The weakness is specific to the `variable` option: template text is executable by design, and template data is only passed at call time. Fixed in lodash 4.17.21, which rejects `variable` values containing characters that cannot appear in an identifier.
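The following is an added illustration, not lodash's source and not code from this page: a deliberately small template compiler that reproduces the pattern behind the bug (the caller-supplied `variable` option landing verbatim in source passed to the Function constructor), next to a hardened variant that refuses anything other than a plain identifier. The names `compileTemplate`, `demo`, `INJECTION_VARIABLE`, the `strict` flag and the `cve202123337Ran` global are assumptions made for this example, and the payload is constructed here; it sets a flag where a real payload would call `child_process`.

```javascript
// Added illustration for CVE-2021-23337. This is not lodash's source code: it is a
// deliberately small template compiler that reproduces the pattern behind the
// bug, in which the caller-supplied `variable` option is spliced verbatim into
// the JavaScript source that is handed to the Function constructor.

// Hypothetical allowlist used by the hardened path: the `variable` option must be
// a plain JavaScript identifier. (lodash 4.17.21 instead rejects a blocklist of
// characters such as ( ) = , { } [ ] / and whitespace; either stops the injection.)
const reValidIdentifier = /^[A-Za-z_$][\w$]*$/;

// Compile `text`, supporting only the `<%= expr %>` interpolation form.
// `options.variable` names the parameter the compiled function receives.
// `strict: false` reproduces the pre-4.17.21 behaviour of accepting any string.
function compileTemplate(text, options = {}, { strict = true } = {}) {
  const variable = options.variable || 'obj';
  if (strict && !reValidIdentifier.test(variable)) {
    throw new Error('Invalid `variable` option passed into template');
  }

  // Build one string expression from literal chunks and <%= %> expressions.
  // Expressions are trusted template-author code, as in any template engine;
  // the data passed at call time never reaches this source string.
  const reInterpolate = /<%=([\s\S]+?)%>/g;
  let source = "''";
  let index = 0;
  let match;
  while ((match = reInterpolate.exec(text)) !== null) {
    source += ' + ' + JSON.stringify(text.slice(index, match.index));
    source += ' + (' + match[1].trim() + ')';
    index = match.index + match[0].length;
  }
  source += ' + ' + JSON.stringify(text.slice(index));

  // The vulnerable line: `variable` lands inside the parameter list unescaped.
  const fnSource = 'function(' + variable + ') {\nreturn ' + source + ';\n}';
  return Function('return ' + fnSource)();
}

// Constructed payload. It closes the parameter list, supplies its own function
// body, and then opens a throwaway declaration so the rest of the generated
// source still parses. A real payload puts a child_process call where the
// flag assignment is.
const INJECTION_VARIABLE =
  "){ globalThis.cve202123337Ran = true; return 'injected' }; function ignored(obj";

// Runs the three scenarios and returns the observations for inspection.
function demo() {
  const result = {};

  // 1. Legitimate use of the option: a custom parameter name.
  const greet = compileTemplate('Hello, <%= data.name %>!', { variable: 'data' });
  result.legit = greet({ name: 'world' });

  // 2. Hardened compiler: the payload is refused before any code is generated.
  try {
    compileTemplate('Hello, <%= obj.name %>!', { variable: INJECTION_VARIABLE });
    result.blocked = false;
  } catch (err) {
    result.blocked = /Invalid `variable` option/.test(err.message);
  }

  // 3. Pre-fix behaviour: the template text and data are irrelevant; the
  // option alone decides what the compiled function does.
  delete globalThis.cve202123337Ran;
  const compiled = compileTemplate('Hello, <%= obj.name %>!',
    { variable: INJECTION_VARIABLE }, { strict: false });
  result.injectedReturn = compiled({ name: 'world' });
  result.injectedSideEffect = globalThis.cve202123337Ran === true;

  return result;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The point to take from scenario 3 is that the injected code is chosen at compile time by whoever controls `options.variable`, not by the template author or by the data object, which is why a single attacker-reachable `variable` option is enough even when every template string in the application is static.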

Vulnerable Products

lodash lodash

oracle banking corporate lending process management 14.2.0

oracle banking corporate lending process management 14.3.0

oracle banking corporate lending process management 14.5.0

oracle banking credit facilities process management 14.2.0

oracle banking credit facilities process management 14.3.0

oracle banking credit facilities process management 14.5.0

oracle banking extensibility workbench 14.2.0

oracle banking extensibility workbench 14.3.0

oracle banking extensibility workbench 14.5.0

oracle banking supply chain finance 14.2.0

oracle banking supply chain finance 14.3.0

oracle banking supply chain finance 14.5.0

oracle banking trade finance process management 14.2.0

oracle banking trade finance process management 14.3.0

oracle banking trade finance process management 14.5.0

oracle communications cloud native core binding support function 1.9.0

oracle communications cloud native core policy 1.11.0

oracle communications design studio 7.4.2.0.0

oracle communications services gatekeeper 7.0

oracle communications session border controller 8.4

oracle communications session border controller 9.0

oracle enterprise communications broker 3.2.0

oracle enterprise communications broker 3.3.0

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

oracle health sciences data management workbench 2.5.2.1

oracle health sciences data management workbench 3.0.0.0

oracle jd edwards enterpriseone tools

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle primavera gateway

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle retail customer management and segmentation foundation 19.0

netapp active iq unified manager -

netapp cloud manager -

netapp system manager 9.0

siemens sinec ins

siemens sinec ins 1.0

Vendor Advisories

Synopsis: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ba ...
Debian Bug report logs - #985086 CVE-2021-23337 CVE-2020-28500. Package: node-lodash; Maintainer for node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Source for node-lodash is src:node-lodash (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@debian.org>. Date: Fri, 1 ...

ICS Advisories

Github Repositories

A sample application with known vulnerabilities - JavaScript, Express A sample application with known issues for testing various linters, scanners, and scan automation This project uses: Component In Use Platform NodeJS Language(s) JavaScript (ECMAScript) Build npm Framework Express Security issues Vulnerability Type Description Location PoC Command Cros

Generates an Express RESTful application with the MySQL connection

Generator Express Restful MySQL Generates an Express RESTful application with the MySQL connection. It uses ES2015 JavaScript. This is a Yeoman Generator that generates scaffolding for an application with a RESTful interface using Express and MySQL. Looking for the generator for ES5? The branch "generator-0-7" is here: github.com/blueskyfish/generator-expres

Frogbot Demo The Defined Watch From My JFrog Platform Deployment (JPD) { "general_data": { "id": "73edfa9015f68719bad22177", "name": "frogbot-test-watch", <--------- "active": true }, "project_resources": { "resources": [ { "type": "all-builds",

Reports github.com/reddelexc/hackerone-reports My SSTI Notes While trying to catch a bug I was testing on the @inflection program, and in the meantime I started looking at goodhire.com. This site was in scope for testing, but I did not notice that it used HubSpot CMS. After testing for a long time, a potential

blank The following is an example of how one might display errors/warnings in the build where lodash.template is used due to the unresolved CVE /*eslint no-restricted-imports: ["error", { paths: [{ name: "lodash", importNames: ["template"], message: "Importing 'lodash.template' from 'lodash' is not allo

This example shows how to implement the Elektron WebSocket API JavaScript web application with TypeScript.

Websocket API for Pricing Streaming and Real-Time Service with TypeScript Example Overview Example Code Disclaimer: ALL EXAMPLE CODE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS FOR ILLUSTRATIVE PURPOSES ONLY REFINITIV MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE OPERATION OF THE EXAMPLE CODE, OR THE INFORMATIO

trivy-security-scan Examples: vulnerabilities in Node.js dependencies, "lodash": "4.17.20" # 🚨 Vulnerable Version (CVE-2021-23337) HARD CODED SECRETS // const API_KEY = ""; // 🚨 Hardcoded secret Node.js 14 is deprecated & insecure K8s misconfig like apiVersion: v1 kind: Pod metadata: name: insecure-pod spec: containers: -

Backport of security patches for legacy versions of Lodash

Security-compliant Legacy Lodash Backport of CVE-2021-23337 to legacy versions of Lodash Overview lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Remediation This repository backports security patches from lodash version 4.17.21 to legacy versions

A tool to analyse the list of detected CVEs in the containers (usually created by static security scanner) and compare them to the Red Hat Security Data.

cve-analyser A tool to analyse the list of detected CVEs in the containers (usually created by security scanner like JFrog, Aqua, Sysdig or similar) and compare them to the Red Hat Security Data The cve-analyser can find fixes in the rpm packages bundled in the specified container, as well as the fixes in the non-rpm content (like nodejs libraries) Usage To use this tool just

The VulnCheck Github Action

The VulnCheck Action Bring VulnCheck into your CI/CD pipeline This Github Action uses the VulnCheck CLI to integrate security-related tasks into your CI/CD pipeline 🤸 Usage 🔏 Scan for vulnerabilities This example will scan for vulnerabilities and report them as a comment on a pull request name: Scan with VulnCheck on: pull_request: branches: - mai

launchqtcreator README QtCreator is very useful for certain tasks! When working on Qt projects, there are things I find Qt Creator invaluable for -just too convenient to use anything else (almost) I often use Visual Studio Code and QtCreator together when working on c++/gui projects

An Agent Team built on smolagents to perform Third-Party Package Analysis

OSSam - Open Source Software Assessment and Management Tool OSSam is a comprehensive toolkit for analyzing open-source software packages for both general information and security concerns It helps developers, security researchers, and organizations make informed decisions about the open-source packages they want to incorporate into their projects Features OSSam provides

References

CWE-94
https://access.redhat.com/errata/RHSA-2022:6429
https://nvd.nist.gov
https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05
https://github.com/blueskyfish/generator-express-restful-mysql
https://www.first.org/epss
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
https://www.oracle.com/security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html