Detected gcp-api-key: Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches
gitleaks
Command Injection in lodash
grype CVE-2021-23337 EPSS 22.4%
lodash vulnerable to Code Injection via `_.template` imports key names
grype CVE-2026-4800 EPSS 1.0%
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
grype
lodash: lodash: Arbitrary code execution via untrusted input in template imports
Impact:
The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink.
When an a…
trivy CVE-2026-4800
nodejs-lodash: command injection via template
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
trivy CVE-2021-23337
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
### Impact
The serialize-javascript npm package (versions <= 7.0.2) contains a code injection vulnerability. It is an incomplete fix for CVE-2020-7660.
While `RegExp.source` is sanitized, `RegExp.flags` is interpolated directly into the generated output without escaping. A simi…
trivy