The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when certain compiling options are selected to compile templates coming from an untrusted source.
History
21 Nov 2024, 05:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 - Patch, Third Party Advisory | |
References | () https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 - Patch, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20210604-0008/ - Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950 - Exploit, Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951 - Exploit, Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952 - Exploit, Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 - Exploit, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 7.5 v3 : 5.6 |
Information
Published : 2021-04-12 14:15
Updated : 2024-11-21 05:51
NVD link : CVE-2021-23369
Mitre link : CVE-2021-23369
CVE.ORG link : CVE-2021-23369
Products Affected
handlebarsjs
- handlebars
CWE