CVE-2021-23337

📊 7.2 HIGH⚡ 0.3%🎯 0 exploits

📅 Published Feb 15, 2021

📋 Status: Modified

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

🎯 Affected Products & Systems

48 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	lodash	lodash	< 4.17.21 Target SW: node.js	Vulnerable	cpe:2.3:a:lodash:lodash::::::node.js::*
📱App	oracle	banking corporate lending process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:::::::*
📱App	oracle	banking corporate lending process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:::::::*
📱App	oracle	banking corporate lending process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:::::::*
📱App	oracle	banking credit facilities process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:::::::*
📱App	oracle	banking credit facilities process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:::::::*
📱App	oracle	banking credit facilities process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:::::::*
📱App	oracle	banking extensibility workbench	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:::::::*
📱App	oracle	banking extensibility workbench	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:::::::*
📱App	oracle	banking extensibility workbench	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:::::::*
📱App	oracle	banking supply chain finance	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:::::::*
📱App	oracle	banking supply chain finance	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:::::::*
📱App	oracle	banking supply chain finance	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:::::::*
📱App	oracle	banking trade finance process management	14.2.0	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:::::::*
📱App	oracle	banking trade finance process management	14.3.0	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:::::::*
📱App	oracle	banking trade finance process management	14.5.0	Vulnerable	cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:::::::*
📱App	oracle	communications cloud native core binding support function	1.9.0	Vulnerable	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:::::::*
📱App	oracle	communications cloud native core policy	1.11.0	Vulnerable	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:::::::*
📱App	oracle	communications design studio	7.4.2.0.0	Vulnerable	cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:::::::*
📱App	oracle	communications services gatekeeper	7.0	Vulnerable	cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:::::::*
📱App	oracle	communications session border controller	8.4	Vulnerable	cpe:2.3:a:oracle:communications_session_border_controller:8.4:::::::*
📱App	oracle	communications session border controller	9.0	Vulnerable	cpe:2.3:a:oracle:communications_session_border_controller:9.0:::::::*
📱App	oracle	enterprise communications broker	3.2.0	Vulnerable	cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:::::::*
📱App	oracle	enterprise communications broker	3.3.0	Vulnerable	cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:::::::*
📱App	oracle	financial services crime and compliance management studio	8.0.8.2.0	Vulnerable	cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:::::::*
📱App	oracle	financial services crime and compliance management studio	8.0.8.3.0	Vulnerable	cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:::::::*
📱App	oracle	health sciences data management workbench	2.5.2.1	Vulnerable	cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:::::::*
📱App	oracle	health sciences data management workbench	3.0.0.0	Vulnerable	cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:::::::*
📱App	oracle	jd edwards enterpriseone tools	< 9.2.6.1	Vulnerable	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
📱App	oracle	peoplesoft enterprise peopletools	8.58	Vulnerable	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
📱App	oracle	peoplesoft enterprise peopletools	8.59	Vulnerable	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
📱App	oracle	primavera gateway	≥ 17.12.0 ∧ ≤ 17.12.11	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera gateway	≥ 18.8.0 ∧ ≤ 18.8.12	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera gateway	≥ 19.12.0 ∧ ≤ 19.12.11	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera gateway	≥ 20.12.0 ∧ ≤ 20.12.7	Vulnerable	cpe:2.3:a:oracle:primavera_gateway::::::::
📱App	oracle	primavera unifier	≥ 17.7 ∧ ≤ 17.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier::::::::
📱App	oracle	primavera unifier	18.8	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
📱App	oracle	primavera unifier	19.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
📱App	oracle	primavera unifier	20.12	Vulnerable	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
📱App	oracle	retail customer management and segmentation foundation	19.0	Vulnerable	cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:::::::*
📱App	netapp	active iq unified manager	All versions Target SW: linux	Vulnerable	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
📱App	netapp	active iq unified manager	All versions Target SW: vmware_vsphere	Vulnerable	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
📱App	netapp	active iq unified manager	All versions Target SW: windows	Vulnerable	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
📱App	netapp	cloud manager	All versions	Vulnerable	cpe:2.3:a:netapp:cloud_manager:-:::::::*
📱App	netapp	system manager	9.0	Vulnerable	cpe:2.3:a:netapp:system_manager:9.0:::::::*
📱App	siemens	sinec ins	< 1.0	Vulnerable	cpe:2.3:a:siemens:sinec_ins::::::::
📱App	siemens	sinec ins	1.0	Vulnerable	cpe:2.3:a:siemens:sinec_ins:1.0:-::::::
📱App	siemens	sinec ins	1.0	Vulnerable	cpe:2.3:a:siemens:sinec_ins:1.0:sp1::::::

📱

lodash / lodash

Application

Vulnerable

Version: < 4.17.21

Target SW: node.js

CPE:

cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking corporate lending process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking credit facilities process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking extensibility workbench

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_extensibility_workbench:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking extensibility workbench

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking extensibility workbench

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_extensibility_workbench:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking supply chain finance

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance process management

Application

Vulnerable

Version: 14.2.0

CPE:

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance process management

Application

Vulnerable

Version: 14.3.0

CPE:

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*

📱

oracle / banking trade finance process management

Application

Vulnerable

Version: 14.5.0

CPE:

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*

📱

oracle / communications cloud native core binding support function

Application

Vulnerable

Version: 1.9.0

CPE:

cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*

📱

oracle / communications cloud native core policy

Application

Vulnerable

Version: 1.11.0

CPE:

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*

📱

oracle / communications design studio

Application

Vulnerable

Version: 7.4.2.0.0

CPE:

cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*

📱

oracle / communications services gatekeeper

Application

Vulnerable

Version: 7.0

CPE:

cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*

📱

oracle / communications session border controller

Application

Vulnerable

Version: 8.4

CPE:

cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*

📱

oracle / communications session border controller

Application

Vulnerable

Version: 9.0

CPE:

cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*

📱

oracle / enterprise communications broker

Application

Vulnerable

Version: 3.2.0

CPE:

cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*

📱

oracle / enterprise communications broker

Application

Vulnerable

Version: 3.3.0

CPE:

cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*

📱

oracle / financial services crime and compliance management studio

Application

Vulnerable

Version: 8.0.8.2.0

CPE:

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*

📱

oracle / financial services crime and compliance management studio

Application

Vulnerable

Version: 8.0.8.3.0

CPE:

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*

📱

oracle / health sciences data management workbench

Application

Vulnerable

Version: 2.5.2.1

CPE:

cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*

📱

oracle / health sciences data management workbench

Application

Vulnerable

Version: 3.0.0.0

CPE:

cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*

📱

oracle / jd edwards enterpriseone tools

Application

Vulnerable

Version: < 9.2.6.1

CPE:

cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*

📱

oracle / peoplesoft enterprise peopletools

Application

Vulnerable

Version: 8.58

CPE:

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

📱

oracle / peoplesoft enterprise peopletools

Application

Vulnerable

Version: 8.59

CPE:

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 17.12.0 ∧ ≤ 17.12.11

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 18.8.0 ∧ ≤ 18.8.12

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 19.12.0 ∧ ≤ 19.12.11

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera gateway

Application

Vulnerable

Version: ≥ 20.12.0 ∧ ≤ 20.12.7

CPE:

cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: ≥ 17.7 ∧ ≤ 17.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 18.8

CPE:

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 19.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

📱

oracle / primavera unifier

Application

Vulnerable

Version: 20.12

CPE:

cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*

📱

oracle / retail customer management and segmentation foundation

Application

Vulnerable

Version: 19.0

CPE:

cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*

📱

netapp / active iq unified manager

Application

Vulnerable

Version: All versions

Target SW: linux

CPE:

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

📱

netapp / active iq unified manager

Application

Vulnerable

Version: All versions

Target SW: vmware_vsphere

CPE:

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

📱

netapp / active iq unified manager

Application

Vulnerable

Version: All versions

Target SW: windows

CPE:

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

📱

netapp / cloud manager

Application

Vulnerable

Version: All versions

CPE:

cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*

📱

netapp / system manager

Application

Vulnerable

Version: 9.0

CPE:

cpe:2.3:a:netapp:system_manager:9.0:*:*:*:*:*:*:*

📱

siemens / sinec ins

Application

Vulnerable

Version: < 1.0

CPE:

cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*

📱

siemens / sinec ins

Application

Vulnerable

Version: 1.0

CPE:

cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*

📱

siemens / sinec ins

Application

Vulnerable

Version: 1.0

CPE:

cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*

48 products•scroll for more

Metrics

7.2 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

HIGH

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

7.2 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.3% (Minimal)51.1th percentile

Last updated: Nov 1, 2025

Exploitation probability within 30 days

Published Date

Feb 15, 2021 (4 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses1

CWE-94

References8

NVDpatchpatch+5