Severity: high

    Command Injection

    lodash

    Overview

    lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

    Remediation

    Upgrade to version 4.17.21 or later

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. published

      Advisory Published
      May 6th, 2021
    2. reported

      Reported by Anonymous
      May 6th, 2021