CVE-2021-23383 Information
Jun 07, 2022
cve
Description
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
https://security.netapp.com/advisory/ntap-20210618-0007/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH