CVE-2021-23337 - Command Injection

Severity: Medium2021-07-12

Security Advisories

Abstract

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

The Oxygen Content Fusion product incorporates Lodash as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen Content Fusion 4.1 and older versionsMedium Oxygen Content Fusion 4.1

Mitigation

None

Detail

CVE-2021-23337

Severity: High

CVSS Score: 7.2

The Lodash third-party library used by Oxygen Content Fusion product is an affected version mentioned in CVE-2021-23337 vulnerability description.

Starting with Content Fusion version 4.1 build 2021070912, the Lodash third-party was updated to version 4.17.21, which fixes the CVE-2021-23337.

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
What is New in Oxygen XML Web Author 26.1
April 24, 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor