CVE-2021-23337 - Command Injection
Severity: Medium
2021-07-12
Abstract
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
The Oxygen Content Fusion product incorporates Lodash as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion 4.1 and older versions | Medium | Oxygen Content Fusion 4.1 |
Detail
CVE-2021-23337
Severity: High
CVSS Score: 7.2
The Lodash third-party library used by the Oxygen Content Fusion product is an affected version mentioned in the CVE-2021-23337 vulnerability description.
Starting with Content Fusion version 4.1 build 2021070912, the Lodash third-party library was updated to version 4.17.21, which fixes CVE-2021-23337.