CVE-2021-23358

Description

The underscore package, in versions from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, because it is not sanitized.

Risk Information

Base Score: 7.2 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 1.078

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-23358 are fixed in Nessus Agent (10.1.0.20104) | Windows
Vulnerabilities CVE-2021-23358 are fixed in Nessus Agent (x64) (10.1.0.20104) | Windows
Vulnerabilities CVE-2021-23358 are fixed in Tenable Nessus 10.1.0 | Windows
Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.0 | Windows
Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.1 | Windows
Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.2 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0 | Windows
None (USN-4913-1) node-underscore_1.7.0~dfsg-1ubuntu1.1_all.deb | Linux
None (USN-4913-1) node-underscore_1.8.3~dfsg-1ubuntu0.1_all.deb | Linux
None (USN-4913-1) node-underscore_1.9.1~dfsg-1ubuntu0.20.04.1_all.deb | Linux
None (USN-4913-1) node-underscore_1.9.1~dfsg-1ubuntu0.20.10.1_all.deb | Linux
None (USN-4913-1) libjs-underscore_1.7.0~dfsg-1ubuntu1.1_all.deb | Linux
None (USN-4913-1) libjs-underscore_1.8.3~dfsg-1ubuntu0.1_all.deb | Linux
None (USN-4913-1) libjs-underscore_1.9.1~dfsg-1ubuntu0.20.04.1_all.deb | Linux
None (USN-4913-1) libjs-underscore_1.9.1~dfsg-1ubuntu0.20.10.1_all.deb | Linux
JavaScript's functional programming helper library (USN-4913-2) node-underscore_1.9.1~dfsg-1ubuntu0.21.04.1_all.deb | Linux
JavaScript's functional programming helper library (USN-4913-2) libjs-underscore_1.9.1~dfsg-1ubuntu0.21.04.1_all.deb | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required)
PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234