From DHS/US-CERT’s National Vulnerability Database: CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
All versions of package deepmergefn are vulnerable to Prototype Pollution via the deepMerge function.
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.
IBM Jazz Foundation products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 192434.