Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-23337. PoCs published by khayashi4337. A Nuclei detection template is also available.
AI-analyzed exploit summary: The repository contains a partial Lodash template module but lacks exploit code or technical details related to CVE-2021-23337. It appears to be a placeholder or incomplete project.
Description
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Exploits (1)
nomisec
STUB
by khayashi4337 · poc
https://github.com/khayashi4337/lodash.template-fixed
Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: lodash.template v4.5.0
No auth needed
Prerequisites: None
MITRE ATT&CK
devstral-2 · analyzed Mar 02, 2026
Nuclei Templates (1)
Lodash Template - Server-Side Template Injection (RCE)
HIGH · VERIFIED · by DhiyaneshDk
Shodan: http.component:"lodash"
FOFA: body="lodash"
References (13)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
Broken Link x_refsource_misc
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com//security-alerts/cpujul2021.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210312-0006/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
Scores
CVSS v3: 7.2
EPSS: 0.0240
EPSS Percentile: 85.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-94
Status: published
Products (47)
lodash/lodash
< 4.17.21
netapp/active_iq_unified_manager
(3 CPE variants)
netapp/cloud_manager
netapp/system_manager
9.0
npm/lodash
0 - 4.17.21 · npm
npm/lodash-es
0 - 4.17.21 · npm
npm/lodash-template
0 · npm
npm/lodash.template
0 · npm
oracle/banking_corporate_lending_process_management
14.2.0
oracle/banking_corporate_lending_process_management
14.3.0
... and 37 more
Published: Feb 15, 2021
Tracked Since: Feb 18, 2026