CVE-2021-23337 (CNNVD-202102-1137)

HIGH
中文标题:
lodash 代码注入漏洞
英文标题:
Command Injection
CVSS分数: 7.2
发布时间: 2021-02-15 12:15:14
漏洞类型: 代码注入
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

lodash是一款开源的JavaScript实用程序库。 lodash 中存在代码注入漏洞,该漏洞源于外部输入数据构造可执行命令过程中,网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

英文描述:

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

CWE类型:
CWE-94
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
lodash lodash * - - cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*
oracle banking_corporate_lending_process_management 14.2.0 - - cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*
oracle banking_corporate_lending_process_management 14.3.0 - - cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*
oracle banking_corporate_lending_process_management 14.5.0 - - cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*
oracle banking_credit_facilities_process_management 14.2.0 - - cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*
oracle banking_credit_facilities_process_management 14.3.0 - - cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*
oracle banking_credit_facilities_process_management 14.5.0 - - cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*
oracle banking_extensibility_workbench 14.2.0 - - cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*
oracle banking_extensibility_workbench 14.3.0 - - cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*
oracle banking_extensibility_workbench 14.5.0 - - cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*
oracle banking_supply_chain_finance 14.2.0 - - cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*
oracle banking_supply_chain_finance 14.3.0 - - cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*
oracle banking_supply_chain_finance 14.5.0 - - cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*
oracle banking_trade_finance_process_management 14.2.0 - - cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*
oracle banking_trade_finance_process_management 14.3.0 - - cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*
oracle banking_trade_finance_process_management 14.5.0 - - cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_binding_support_function 1.9.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_policy 1.11.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*
oracle communications_design_studio 7.4.2.0.0 - - cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*
oracle communications_services_gatekeeper 7.0 - - cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
oracle communications_session_border_controller 8.4 - - cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
oracle communications_session_border_controller 9.0 - - cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.2.0 - - cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.3.0 - - cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0 - - cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0 - - cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
oracle health_sciences_data_management_workbench 2.5.2.1 - - cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*
oracle health_sciences_data_management_workbench 3.0.0.0 - - cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools * - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.59 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
oracle primavera_gateway * - - cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
oracle primavera_unifier * - - cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
oracle primavera_unifier 18.8 - - cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
oracle primavera_unifier 19.12 - - cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
oracle primavera_unifier 20.12 - - cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
oracle retail_customer_management_and_segmentation_foundation 19.0 - - cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
netapp active_iq_unified_manager - - - cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
netapp cloud_manager - - - cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*
netapp system_manager 9.0 - - cpe:2.3:a:netapp:system_manager:9.0:*:*:*:*:*:*:*
siemens sinec_ins * - - cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
siemens sinec_ins 1.0 - - cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
无标题 x_refsource_CONFIRM
cve.org
访问
CVSS评分详情
3.1 (cna)
HIGH
7.2
CVSS向量: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C
机密性
HIGH
完整性
HIGH
可用性
HIGH
时间信息
发布时间:
2021-02-15 12:15:14
修改时间:
2024-09-16 19:15:17
创建时间:
2025-11-11 15:36:40
更新时间:
2025-11-11 15:56:36
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2021-23337 2025-11-11 15:20:49 2025-11-11 07:36:40
NVD nvd_CVE-2021-23337 2025-11-11 14:57:33 2025-11-11 07:45:01
CNNVD cnnvd_CNNVD-202102-1137 2025-11-11 15:10:35 2025-11-11 07:56:36
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:56:36
vulnerability_type: 未提取 → 代码注入; cnnvd_id: 未提取 → CNNVD-202102-1137; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 代码注入
  • cnnvd_id: 未提取 -> CNNVD-202102-1137
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:45:01
affected_products_count: 0 → 42; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 0 -> 42
  • data_sources: ['cve'] -> ['cve', 'nvd']