9.8
CVE-2021-23369
- EPSS 3.58%
- Veröffentlicht 12.04.2021 14:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:35
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
LoginRemote Code Execution (RCE)
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Handlebarsjs ≫ Handlebars SwPlatformnode.js Version < 4.7.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.58% | 0.878 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| report@snyk.io | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|