CVE-2021-23358: Code Injection

March 29, 2021 (updated November 9, 2023)

The underscore package is are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

References

nvd.nist.gov/vuln/detail/CVE-2021-23358

Code Behaviors & Features

Detect and mitigate CVE-2021-23358 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →