VDB
RHSA-2021%3A2500
RHSA-2021%3A2500
PUBLISHED
CVSS 8.100000381469727 HIGH
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x, * |
| Red Hat | openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x, * |
| Red Hat | openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64, * |
| Red Hat | openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64 |
| Red Hat | openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x |
| Red Hat | openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le |
| Red Hat | openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le |
| Red Hat | openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x as a component of Red Hat OpenShift Container Platform 4.6 | *, * |
| Red Hat | openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64 |
| Red Hat | openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64 |
| Red Hat | openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x, * |
| Red Hat | openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le |
| Red Hat | openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64, * |
| Red Hat | openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64, * |
| Red Hat | openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64 as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64, * |
| Red Hat | openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x |
| Red Hat | openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x as a component of Red Hat OpenShift Container Platform 4.6 | *, openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x |
| Red Hat | openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le as a component of Red Hat OpenShift Container Platform 4.6 | *, * |
| Red Hat | openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le, * |
| Red Hat | openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le as a component of Red Hat OpenShift Container Platform 4.6 | openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le, * |
…and 2 more
Timeline
- Jun 29, 2021 CVE Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2021:2500 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1882256 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1882260 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1942609 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1948761 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1956688 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2500.json advisory
- https://access.redhat.com/security/cve/CVE-2019-20920 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-20920 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-20920 advisory
- https://www.npmjs.com/advisories/1316 advisory
- https://www.npmjs.com/advisories/1324 advisory
- https://access.redhat.com/security/cve/CVE-2019-20922 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-20922 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-20922 advisory
- https://www.npmjs.com/advisories/1300 advisory
- https://access.redhat.com/security/cve/CVE-2021-23369 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23369 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-23369 advisory
…and 3 more