VulnerableCode Package Details - pkg:deb/debian/underscore@1.9.1~dfsg-1%2Bdeb10u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/underscore@1.9.1~dfsg-1%2Bdeb10u1

purl	pkg:deb/debian/underscore@1.9.1~dfsg-1%2Bdeb10u1

Next non-vulnerable version	1.13.8~dfsg+~1.13.0-1
Latest non-vulnerable version	1.13.8~dfsg+~1.13.0-1
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-864e-hkby-qfh6 Aliases: CVE-2021-23358 GHSA-cf4h-3jhx-xvhq	Arbitrary Code Execution in underscore The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.	1.9.1~dfsg-3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-864e-hkby-qfh6	Arbitrary Code Execution in underscore The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.	CVE-2021-23358 GHSA-cf4h-3jhx-xvhq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T20:04:49.859803+00:00	Debian Oval Importer	Affected by	VCID-864e-hkby-qfh6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:46:22.860172+00:00	Debian Oval Importer	Fixing	VCID-864e-hkby-qfh6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-11T19:46:26.519379+00:00	Debian Oval Importer	Affected by	VCID-864e-hkby-qfh6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:34:38.608576+00:00	Debian Oval Importer	Fixing	VCID-864e-hkby-qfh6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-08T19:29:14.181426+00:00	Debian Oval Importer	Affected by	VCID-864e-hkby-qfh6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:07:50.787024+00:00	Debian Oval Importer	Fixing	VCID-864e-hkby-qfh6	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0