9.8
CVE-2021-23369
- EPSS 2.54%
- Veröffentlicht 12.04.2021 14:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:35
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
LoginThe package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Handlebarsjs ≫ Handlebars SwPlatformnode.js Version < 4.7.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.54% | 0.85 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| report@snyk.io | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|