VYPR

Lodash.template

by Lodash

npm: lodash.template

Source repositories

CVEs (1)

  • CVE-2026-4800HigMar 31, 2026
    risk 0.46cvss 8.1epss 0.02

    Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. When an…