Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:underscorejs:underscore:1.5.0:*:*:*:*:node.js:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-23358 |
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. Published: March 29, 2021; 10:15:18 AM -0400 |
V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |