Description

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

Remediation

References

CVE-2021-23369

Related Vulnerabilities

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)

MySQL CVE-2024-21218 Vulnerability (CVE-2024-21218)

XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-29208)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)

Apache HTTP Server Other Vulnerability (CVE-2004-0492)

Severity

Critical

Classification

CVE-2021-23369 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities