7.2

CVE-2021-23337

Exploit

Command Injection

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LodashLodash SwPlatformnode.js Version < 4.17.21
OracleCommunications Design Studio Version7.4.2.0.0
OracleJd Edwards Enterpriseone Tools Version < 9.2.6.1
OraclePrimavera Gateway Version >= 17.12.0 <= 17.12.11
OraclePrimavera Gateway Version >= 18.8.0 <= 18.8.12
OraclePrimavera Gateway Version >= 19.12.0 <= 19.12.11
OraclePrimavera Gateway Version >= 20.12.0 <= 20.12.7
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version18.8
OraclePrimavera Unifier Version19.12
OraclePrimavera Unifier Version20.12
NetappActive Iq Unified Manager Version- SwPlatformlinux
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappActive Iq Unified Manager Version- SwPlatformwindows
NetappCloud Manager Version-
NetappSystem Manager Version9.0
SiemensSinec Ins Version < 1.0
SiemensSinec Ins Version1.0 Update-
SiemensSinec Ins Version1.0 Updatesp1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 22.41% 0.974
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
report@snyk.io 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210312-0006/
Third Party Advisory
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
Broken Link
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
Third Party Advisory
Exploit