CVE-2021-23369 — MEDIUM (5.6)

Q: What is CVE-2021-23369?

CVE-2021-23369 is a vulnerability with a CVSS score of 5.6 (MEDIUM). The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

Q: How severe is CVE-2021-23369?

CVE-2021-23369 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-23369?

Check the references section above for vendor advisories and patch information. Affected products include: Handlebarsjs Handlebars.

Vulnerability Description

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Handlebarsjs	Handlebars	< 4.7.7

References

https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f0PatchThird Party Advisory
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20210604-0008/Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950ExploitThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951ExploitThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952ExploitThird Party Advisory
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767ExploitThird Party Advisory
https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f0PatchThird Party Advisory
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20210604-0008/Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950ExploitThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951ExploitThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952ExploitThird Party Advisory
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767ExploitThird Party Advisory

FAQ

What is CVE-2021-23369?

CVE-2021-23369 is a vulnerability with a CVSS score of 5.6 (MEDIUM). The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

How severe is CVE-2021-23369?

CVE-2021-23369 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-23369?

Check the references section above for vendor advisories and patch information. Affected products include: Handlebarsjs Handlebars.