VDB
CNVD-2021-29741
CNVD-2021-29741
PUBLISHED
CVSS 5.599999904632568 MEDIUM
Handlebars是一款语义化的Web模板系统。 Handlebars 4.7.7之前版本存在远程代码执行漏洞,该漏洞源于在选择某些编译选项来编译来自非受信任的源的模板时,Handlebars容易受到远程代码执行(Remote Code Execution, RCE)的攻击。目前没有详细漏洞细节提供。
Risk Scores
CVSS 3.1
5.599999904632568
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | handlebars | unspecified |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 (circl)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950 (circl)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951 (circl)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952 (circl)
- https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 (circl)
- https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 (circl)
- https://security.netapp.com/advisory/ntap-20210604-0008/ (circl)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
- vul_jquery_fileupload_cve_2018_9206.yar (github-yara)
Timeline
- Feb 15, 2017 CVE Published
- Oct 23, 2018 PoC Published
References
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 url
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950 url
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951 url
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952 url
- https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 url
- https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 url
- https://security.netapp.com/advisory/ntap-20210604-0008/ url