USN-4913-1: Underscore vulnerability
14 April 2021
Underscore could be made to inject arbitrary code if it received a specially crafted input.
It was discovered that Underscore incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary code.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-4913-2: libjs-underscore, underscore, node-underscore