VDB
RHSA-2021%3A4032
RHSA-2021%3A4032
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64 as a component of OpenShift Logging 5.2 | *, openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64 |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64, * |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x as a component of OpenShift Logging 5.2 | *, * |
| Red Hat | openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le, * |
| Red Hat | openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64 as a component of OpenShift Logging 5.2 | *, * |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x as a component of OpenShift Logging 5.2 | *, openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x |
| Red Hat | openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64 as a component of OpenShift Logging 5.2 | *, openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64 |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64 as a component of OpenShift Logging 5.2 | *, openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64 |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x as a component of OpenShift Logging 5.2 | *, * |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le as a component of OpenShift Logging 5.2 | *, * |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le, * |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x, * |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le, * |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x as a component of OpenShift Logging 5.2 | *, openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le, * |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le as a component of OpenShift Logging 5.2 | *, openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64, * |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64 as a component of OpenShift Logging 5.2 | *, * |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64, * |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64 as a component of OpenShift Logging 5.2 | *, openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64 |
…and 9 more
Timeline
- Nov 17, 2021 CVE Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2021:4032 advisory
- https://access.redhat.com/security/updates/classification/#low advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1948761 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1956688 issue
- https://issues.redhat.com/browse/LOG-1857 advisory
- https://issues.redhat.com/browse/LOG-1904 advisory
- https://issues.redhat.com/browse/LOG-1916 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4032.json advisory
- https://access.redhat.com/security/cve/CVE-2021-23369 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23369 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-23369 advisory
- https://access.redhat.com/security/cve/CVE-2021-23383 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23383 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-23383 advisory