CVE-2021-23369 Information
Jun 07, 2022
cve
Description
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
https://security.netapp.com/advisory/ntap-20210604-0008/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL