Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Lodash Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-23337)

Description

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

Remediation

References

Related Vulnerabilities

WordPress Plugin Nooz Cross-Site Scripting (1.6.0)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Security Bypass (3.5.7)

WebLogic CVE-2018-1257 Vulnerability (CVE-2018-1257)

MySQL CVE-2020-14575 Vulnerability (CVE-2020-14575)

WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6)

Severity

High

Classification

CVE-2021-23337 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities