CVE-2021-23337 - Command Injection

Severity: Medium2021-07-12

Security Advisories


Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

The Oxygen Content Fusion product incorporates Lodash as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion 4.1 and older versionsMedium Oxygen Content Fusion 4.1





Severity: High

CVSS Score: 7.2

The Lodash third-party library used by Oxygen Content Fusion product is an affected version mentioned in CVE-2021-23337 vulnerability description.

Starting with Content Fusion version 4.1 build 2021070912, the Lodash third-party was updated to version 4.17.21, which fixes the CVE-2021-23337.

List of Security Advisories