GSD-2021-23369 — Vulnetix

GSD-2021-23369 PUBLISHED CVSS 5.599999904632568 MEDIUM

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

Risk Scores

CVSS v3.1

5.599999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
n/a	handlebars	unspecified

Timeline

Feb 15, 2017 CVE Published
Oct 23, 2018 PoC Published

References

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767 url
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950 url
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951 url
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952 url
https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 url
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 url
https://security.netapp.com/advisory/ntap-20210604-0008/ url

Open in Interactive Console →