Lodash Lodash.Template vulnerabilities
2 known vulnerabilities affecting lodash/lodash.template.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2026-4800 | CRITICAL | CVSS 9.8 | ≤ 4.5.0 | 2026-03-31
CVE-2026-4800 [CRITICAL]
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.
When an application passes untrusted input as options.imports key names, an attacker can
cvelistv5, ghsa, nvd, osv
CVE-2021-23337 | HIGH | CVSS 7.2 | PoC | ≥ 4.0.0, < 4.18.0 | 2021-02-15
CVE-2021-23337 [HIGH] CWE-94
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
ghsa, nvd, osv