CVE-2021-23369

critical

Description

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

References

Advisories
More

https://security.netapp.com/advisory/ntap-20210604-0008/

https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427

https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950

Details

Source: Mitre, NVD

Published: 2021-04-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.04324

Detections

Analytics