CVE-2021-23337
high severity
Vulnerable versions: < 4.17.21
Patched version: 4.17.21
lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
gopkg.in/macaron.v1
CVE-2020-12666
moderate severity
Vulnerable versions: < 1.3.7
Patched version: 1.3.7
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.
CVE-2021-23337 high severity Vulnerable versions: < 4.17.21 Patched version: 4.17.21 lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-12666 moderate severity Vulnerable versions: < 1.3.7 Patched version: 1.3.7 macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.