Security Advisory

CVE-2021-23358

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-29 13:15:34

Last updated 2025-11-03 21:44:35

Assigner snyk

State PUBLISHED

Description

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

← Browse all CVEs View on cve.org ↗