.avif)
View all vulnerabilities
CVE-2021-23337
Command Injection in lodash
Description
`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
7.1
Score Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Versions
lodash < 4.17.21; lodash-es < 4.17.21; lodash-rails < 4.17.21
Severity
High
High
High
Ecosystem
RubyGems
Publish Date
May 6, 2021
Modified Date
August 12, 2025