The underscore package, from 1.13.0-0 and before 1.13.0-2 and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument, because it is not sanitized.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| underscore(npm) | 1.3.2 | 1.12.1 | N/A |
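
A defender-side check for the advisory above, as an added example that is not underscore's own code: `isAffectedVersion` tests an installed version against the ranges stated in the description, and `assertSafeVariable` rejects a template `variable` setting that is not a plain identifier. The function names and the identifier rule are assumptions made for this example.

```javascript
// Added example, not underscore's own code; all names are hypothetical.
// Affected ranges as stated in the advisory, each as [introduced, fixed).
const AFFECTED_RANGES = [["1.3.2", "1.12.1"], ["1.13.0-0", "1.13.0-2"]];
// Assumption: a safe `variable` setting is a plain JavaScript identifier.
const BARE_IDENTIFIER = /^[A-Za-z_$][\w$]*$/;

// "1.13.0-1" -> { nums: [1, 13, 0], pre: ["1"] }; pre is null for a release.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new TypeError("unrecognised version: " + v);
  return { nums: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split(".") : null };
}

// Semver-style ordering: a pre-release sorts before its release.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  if (!x.pre || !y.pre) return x.pre ? -1 : y.pre ? 1 : 0;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined) return -1;
    if (q === undefined) return 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return +p < +q ? -1 : 1;
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers sort first
    return p < q ? -1 : 1;
  }
  return 0;
}

// True when the installed version falls inside a range the advisory lists.
function isAffectedVersion(v) {
  return AFFECTED_RANGES.some(
    ([lo, hi]) => compareVersions(v, lo) >= 0 && compareVersions(v, hi) < 0);
}

// Reject template settings whose `variable` is anything but an identifier.
function assertSafeVariable(settings) {
  const name = settings ? settings.variable : undefined;
  if (name != null && !(typeof name === "string" && BARE_IDENTIFIER.test(name))) {
    throw new Error("template `variable` must be a plain identifier");
  }
  return settings;
}
```

Call `assertSafeVariable(settings)` on the settings object before handing it to the template function wherever `variable` can be influenced by external input.
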
CVSS Metrics