You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Withdrawn GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details. CVE description DISPUTED A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor's position is that it's the developer's responsibility to ensure that a template does not evaluate code that originates from untrusted input.
Could you please review if this need to be fixed or not needed.
The text was updated successfully, but these errors were encountered:
Withdrawn GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details. CVE description DISPUTED A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template function. This is a different parameter, method, and version than CVE-2021-23337. NOTE: the vendor's position is that it's the developer's responsibility to ensure that a template does not evaluate code that originates from untrusted input.
Could you please review if this need to be fixed or not needed.
The text was updated successfully, but these errors were encountered: