NodeJS/lodash/4.17.21
Lodash modular utilities.
https://www.npmjs.com/package/lodash
MIT
1 Security Vulnerabilities
Withdrawn: Arbitrary code execution in lodash
Published date: 2021-12-03T20:37:32Z
CVE: CVE-2021-41720
Links:
Withdrawn
GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details.
CVE description
"** DISPUTED ** A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor's position is that it's the developer's responsibility to ensure that a template does not evaluate code that originates from untrusted input.
Affected versions:
["0.1.0", "0.2.0", "0.2.1", "0.2.2", "0.3.0", "0.3.1", "0.3.2", "0.4.0", "0.4.1", "0.4.2", "0.5.0-rc.1", "0.5.0", "0.5.1", "0.5.2", "0.6.0", "0.6.1", "0.7.0", "0.8.0", "0.8.1", "0.8.2", "0.9.0", "0.9.1", "0.9.2", "0.10.0", "1.0.0-rc.1", "1.0.0-rc.2", "1.0.0-rc.3", "1.0.0", "1.0.1", "1.1.0", "1.1.1", "1.2.0", "1.2.1", "1.3.0", "1.3.1", "2.0.0", "2.1.0", "2.2.0", "2.2.1", "2.3.0", "2.4.0", "2.4.1", "3.0.0", "3.0.1", "3.1.0", "3.2.0", "3.3.0", "3.3.1", "3.4.0", "3.5.0", "3.6.0", "1.0.2", "3.7.0", "2.4.2", "3.8.0", "3.9.0", "3.9.1", "3.9.2", "3.9.3", "3.10.0", "3.10.1", "4.0.0", "4.0.1", "4.1.0", "4.2.0", "4.2.1", "4.3.0", "4.4.0", "4.5.0", "4.5.1", "4.6.0", "4.6.1", "4.7.0", "4.8.0", "4.8.1", "4.8.2", "4.9.0", "4.10.0", "4.11.0", "4.11.1", "4.11.2", "4.12.0", "4.13.0", "4.13.1", "4.14.0", "4.14.1", "4.14.2", "4.15.0", "4.16.0", "4.16.1", "4.16.2", "4.16.3", "4.16.4", "4.16.5", "4.16.6", "4.17.0", "4.17.1", "4.17.2", "4.17.3", "4.17.4", "4.17.5", "4.17.9", "4.17.10", "4.17.11", "4.17.12", "4.17.13", "4.17.14", "4.17.15", "4.17.16", "4.17.17", "4.17.18", "4.17.19", "4.17.20", "4.17.21"]
Secure versions:
[]
114 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 0.5.2 | MIT | 9 | 2012-08-22 - 16:22 | over 11 years |
| 0.5.1 | MIT | 9 | 2012-08-18 - 20:15 | over 11 years |
| 0.5.0 | MIT | 9 | 2012-08-17 - 20:13 | over 11 years |
| 0.5.0-rc.1 | MIT | 9 | 2012-08-07 - 15:08 | over 11 years |
| 0.4.2 | MIT | 9 | 2012-07-16 - 18:49 | almost 12 years |
| 0.4.1 | MIT | 9 | 2012-07-12 - 04:56 | almost 12 years |
| 0.4.0 | MIT | 9 | 2012-07-11 - 17:14 | almost 12 years |
| 0.3.2 | MIT | 9 | 2012-06-14 - 19:19 | almost 12 years |
| 0.3.1 | MIT | 9 | 2012-06-11 - 04:12 | almost 12 years |
| 0.3.0 | MIT | 9 | 2012-06-06 - 20:01 | almost 12 years |
| 0.2.2 | MIT | 9 | 2012-05-30 - 07:56 | almost 12 years |
| 0.2.1 | MIT | 9 | 2012-05-24 - 21:53 | almost 12 years |
| 0.2.0 | MIT | 9 | 2012-05-22 - 04:06 | almost 12 years |
| 0.1.0 | MIT | 9 | 2012-04-23 - 16:37 | about 12 years |