CVE-2021-23383 — MEDIUM (5.6)

Q: What is CVE-2021-23383?

CVE-2021-23383 is a vulnerability with a CVSS score of 5.6 (MEDIUM). The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

Q: How severe is CVE-2021-23383?

CVE-2021-23383 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-23383?

Check the references section above for vendor advisories and patch information. Affected products include: Handlebarsjs Handlebars, Netapp E-Series Performance Analyzer.

Vulnerability Description

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Handlebarsjs	Handlebars	< 4.7.7
Netapp	E-Series Performance Analyzer	-

Related Weaknesses (CWE)

CWE-1321

References

https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20210618-0007/Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031ExploitPatchThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032ExploitPatchThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030ExploitPatchThird Party Advisory
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029ExploitPatchThird Party Advisory
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25PatchThird Party Advisory
https://security.netapp.com/advisory/ntap-20210618-0007/Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031ExploitPatchThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032ExploitPatchThird Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030ExploitPatchThird Party Advisory
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029ExploitPatchThird Party Advisory

FAQ

What is CVE-2021-23383?

CVE-2021-23383 is a vulnerability with a CVSS score of 5.6 (MEDIUM). The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

How severe is CVE-2021-23383?

CVE-2021-23383 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-23383?

Check the references section above for vendor advisories and patch information. Affected products include: Handlebarsjs Handlebars, Netapp E-Series Performance Analyzer.