9.8
CVE-2021-23369
- EPSS 7.03%
- Veröffentlicht 12.04.2021 14:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:35
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
Remote Code Execution (RCE)
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Handlebarsjs ≫ Handlebars SwPlatformnode.js Version < 4.7.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.03% | 0.934 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| report@snyk.io | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://security.netapp.com/advisory/ntap-20210604-0008/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767