CVE-2021-23369

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-23369

Severity

Unknown

Description

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

References

https://images.chainguard.dev/security/CGA-84m4-j477-f86m
https://github.com/advisories/GHSA-f2jv-r9rf-7988
https://images.chainguard.dev/security/CGA-gpgr-qvpf-p6g6
https://images.chainguard.dev/security/CGA-7q4q-cg78-9mmw
https://images.chainguard.dev/security/CGA-gxmf-qh5c-3pr8
https://images.chainguard.dev/security/CGA-f299-hhxm-mqqg
https://images.chainguard.dev/security/CGA-2fmf-wwvq-6h59
https://images.chainguard.dev/security/CGA-5h6j-66g8-3g72
https://images.chainguard.dev/security/CGA-fcr2-5h35-fxrr
https://images.chainguard.dev/security/CGA-h7xc-v2jh-3jgq
https://images.chainguard.dev/security/CGA-cwx5-hhx8-3295
https://images.chainguard.dev/security/CGA-44wj-j3rp-jg3r
https://images.chainguard.dev/security/CGA-cq48-388r-pjpg
https://images.chainguard.dev/security/CGA-2864-8f4w-cf62
https://images.chainguard.dev/security/CGA-hxpx-gx9p-8g9h
https://images.chainguard.dev/security/CGA-c3wc-jmpm-9grp
https://images.chainguard.dev/security/CGA-cg68-3v63-j974
https://images.chainguard.dev/security/CGA-vq77-673w-4gp8
https://images.chainguard.dev/security/CGA-h4r8-mwvm-9f5x
https://images.chainguard.dev/security/CGA-935r-hqf5-5h8w
https://images.chainguard.dev/security/CGA-j32v-gr6p-r9qw
https://images.chainguard.dev/security/CGA-7hp5-gxr4-cxrh
https://images.chainguard.dev/security/CGA-f7wm-hj4q-98qg
https://images.chainguard.dev/security/CGA-34fq-39h3-rp79
https://images.chainguard.dev/security/CGA-48g6-fmc5-qr8r
https://images.chainguard.dev/security/CGA-7rxh-r32r-wf5x
https://security.netapp.com/advisory/ntap-20210604-0008/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://security-tracker.debian.org/tracker/CVE-2021-23369

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-23369

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources