CVE-2021-23358

RHSA-2026:2769 Red Hat Security Advisory: Red Hat Ceph Storage 7.1 security and bug fix updates

Details

CVSS v3: 3.3
CVSS v2: 6.5
NVD published: 2021-03-29 14:15:18
EPSS: 1.1% probability · 77.8th percentile — 2026-04-03
Affected versions: cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:* cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Summary: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Remediation: Not available in our cache.
Exploit info: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503 https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.