NodeJS/lodash/4.17.21
Lodash modular utilities.
https://www.npmjs.com/package/lodash
MIT
1 Security Vulnerabilities
Withdrawn: Arbitrary code execution in lodash
Published date: 2021-12-03T20:37:32Z
CVE: CVE-2021-41720
Links:
Withdrawn
GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details.
CVE description
"** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor's position is that it's the developer's responsibility to ensure that a template does not evaluate code that originates from untrusted input.
Affected versions:
["0.1.0", "0.2.0", "0.2.1", "0.2.2", "0.3.0", "0.3.1", "0.3.2", "0.4.0", "0.4.1", "0.4.2", "0.5.0-rc.1", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.7.0", "0.8.0", "0.8.1", "0.8.2", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0-rc.3", "1.0.0", "1.0.1", "1.1.0", "1.1.1", "1.2.0", "1.2.1", "1.3.0", "1.3.1", "2.0.0", "2.1.0", "2.2.0", "2.2.1", "2.3.0", "2.4.0", "2.4.1", "3.0.0", "3.0.1", "3.1.0", "3.2.0", "3.3.0", "3.3.1", "3.4.0", "3.5.0", "3.6.0", "1.0.2", "3.7.0", "2.4.2", "3.8.0", "3.9.0", "3.9.1", "3.9.2", "3.9.3", "3.10.0", "3.10.1", "4.0.0", "4.0.1", "4.1.0", "4.2.0", "4.2.1", "4.3.0", "4.4.0", "4.5.0", "4.5.1", "4.6.0", "4.6.1", "4.7.0", "4.8.0", "4.8.1", "4.8.2", "4.9.0", "4.10.0", "4.11.0", "4.11.1", "4.11.2", "4.12.0", "4.13.0", "4.13.1", "4.14.0", "4.14.1", "4.14.2", "4.15.0", "4.16.0", "4.16.1", "4.16.2", "4.16.3", "4.16.4", "4.16.5", "4.16.6", "4.17.0", "4.17.1", "4.17.2", "4.17.3", "4.17.4", "4.17.5", "4.17.9", "4.17.10", "4.17.11", "4.17.12", "4.17.13", "4.17.14", "4.17.15", "4.17.16", "4.17.17", "4.17.18", "4.17.19", "4.17.20", "4.17.21"]
Secure versions:
[]
114 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 4.1.0 | MIT | 10 | 2016-01-29 - 16:33 | over 9 years |
| 4.0.1 | MIT | 10 | 2016-01-25 - 16:06 | over 9 years |
| 4.0.0 | MIT | 10 | 2016-01-12 - 23:13 | over 9 years |
| 3.10.1 | MIT | 10 | 2015-08-04 - 06:05 | almost 10 years |
| 3.10.0 | MIT | 10 | 2015-06-30 - 15:13 | about 10 years |
| 3.9.3 | MIT | 10 | 2015-05-26 - 01:47 | about 10 years |
| 3.9.2 | MIT | 10 | 2015-05-24 - 20:57 | about 10 years |
| 3.9.1 | MIT | 10 | 2015-05-19 - 21:00 | about 10 years |
| 3.9.0 | MIT | 10 | 2015-05-19 - 18:26 | about 10 years |
| 3.8.0 | MIT | 10 | 2015-05-01 - 15:45 | about 10 years |
| 3.7.0 | MIT | 10 | 2015-04-16 - 15:47 | about 10 years |
| 3.6.0 | MIT | 9 | 2015-03-25 - 15:36 | over 10 years |
| 3.5.0 | MIT | 9 | 2015-03-09 - 05:01 | over 10 years |
| 3.4.0 | MIT | 9 | 2015-03-06 - 16:44 | over 10 years |
| 3.3.1 | MIT | 9 | 2015-02-24 - 16:02 | over 10 years |
| 3.3.0 | MIT | 9 | 2015-02-20 - 17:08 | over 10 years |
| 3.2.0 | MIT | 9 | 2015-02-12 - 17:01 | over 10 years |
| 3.1.0 | MIT | 9 | 2015-02-03 - 16:53 | over 10 years |
| 3.0.1 | MIT | 9 | 2015-01-30 - 09:33 | over 10 years |
| 3.0.0 | MIT | 9 | 2015-01-26 - 15:09 | over 10 years |
| 2.4.2 | MIT | 9 | 2015-04-26 - 21:04 | about 10 years |
| 2.4.1 | MIT | 9 | 2013-12-03 - 16:51 | over 11 years |
| 2.4.0 | MIT | 9 | 2013-11-26 - 19:40 | over 11 years |
| 2.3.0 | MIT | 9 | 2013-11-11 - 17:30 | over 11 years |
| 2.2.1 | MIT | 9 | 2013-10-03 - 18:29 | over 11 years |
| 2.2.0 | MIT | 9 | 2013-09-29 - 21:52 | almost 12 years |
| 2.1.0 | MIT | 9 | 2013-09-23 - 05:57 | almost 12 years |
| 2.0.0 | MIT | 9 | 2013-09-14 - 04:22 | almost 12 years |
| 1.3.1 | MIT | 9 | 2013-09-04 - 14:25 | almost 12 years |
| 1.3.0 | MIT | 9 | 2013-09-04 - 14:25 | almost 12 years |
| 1.2.1 | MIT | 9 | 2013-09-04 - 14:24 | almost 12 years |
| 1.2.0 | MIT | 9 | 2013-09-04 - 14:24 | almost 12 years |
| 1.1.1 | MIT | 9 | 2013-09-04 - 14:24 | almost 12 years |
| 1.1.0 | MIT | 9 | 2013-09-04 - 14:23 | almost 12 years |
| 1.0.2 | MIT | 9 | 2015-03-30 - 15:58 | over 10 years |
| 1.0.1 | MIT | 9 | 2013-08-31 - 05:16 | almost 12 years |
| 1.0.0 | MIT | 9 | 2013-08-31 - 05:11 | almost 12 years |
| 1.0.0-rc.3 | MIT | 9 | 2013-08-31 - 05:08 | almost 12 years |
| 1.0.0-rc.2 | MIT | 9 | 2013-08-31 - 05:05 | almost 12 years |
| 1.0.0-rc.1 | MIT | 9 | 2013-08-31 - 05:00 | almost 12 years |
| 0.10.0 | MIT | 9 | 2013-08-31 - 04:56 | almost 12 years |
| 0.9.2 | MIT | 9 | 2013-08-31 - 04:52 | almost 12 years |
| 0.9.1 | MIT | 9 | 2013-08-31 - 04:49 | almost 12 years |
| 0.9.0 | MIT | 9 | 2013-08-31 - 04:46 | almost 12 years |
| 0.8.2 | MIT | 9 | 2012-10-10 - 07:51 | over 12 years |
| 0.8.1 | MIT | 9 | 2012-10-04 - 08:53 | over 12 years |
| 0.8.0 | MIT | 9 | 2012-10-02 - 06:49 | almost 13 years |
| 0.7.0 | MIT | 9 | 2012-09-11 - 16:24 | almost 13 years |
| 0.6.1 | MIT | 9 | 2012-08-30 - 08:01 | almost 13 years |
| 0.6.0 | MIT | 9 | 2012-08-28 - 16:01 | almost 13 years |