Version 1.13.7
underscore
JavaScript's utility _ belt
Install Instructions
npm install underscore
Current Version Release Date July 24, 2024
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/underscore@1.13.7
Find underscore vulnerabilities in your supply chain.
underscore Vulnerabilities
Sort by
CVE (Latest)
CVE (Latest)
-
CVE (Latest)
-
CVE (Oldest)
-
CVSS Score (Highest)
-
CVSS Score (Lowest)
CVE  |
CVSS Score |
CWE(s) |
EPSS Score |
EPSS % |
Impacted Versions |
|---|---|---|---|---|---|
| CVE-2021-23358 | Low 3.3 | CWE-94 | 0.00685 | 0.80072 |
|
underscore Vulnerability Remediation Guidance
| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2021-23358 | The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | 1.4.4, 1.9.2, 1.6.0, 1.8.0, 1.8.3, 1.5.2, 1.10.0, 1.4.2 (Show all) | Minor → 1.12.1 |
Instantly see if these underscore vulnerabilities affect your code.