CVE-2021-23369

Remote Code Execution (RCE)

CVSS 5.6 MEDIUMEPSS 7.0%

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.6EPSS 7.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 abr 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Productos afectados

n/a · handlebars

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8 https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 https://security.netapp.com/advisory/ntap-20210604-0008/https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952 https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767