CVE-2021-23824
- Source
- https://cve.org/CVERecord?id=CVE-2021-23824
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23824.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-23824
- Related
- Published
- 2022-01-13T15:15:07.867Z
- Modified
- 2026-04-11T13:53:56.769319Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.
- References
Affected packages
Git / github.com/crowcpp/crow
Database specific
vanir_signatures_modified
"2026-04-11T13:53:56Z"
vanir_signatures
[
{
"id": "CVE-2021-23824-12a79ab1",
"target": {
"file": "include/crow/utility.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"270180290808799704625861061071963024447",
"232430508883035158896717505508516657747",
"262664243122146650943640823496684020337",
"72337285499495489527186453586391144079",
"210137223262671306841970857292267352864"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-22eb7570",
"target": {
"file": "include/crow/http_response.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"68347193707338572655780735745214112181",
"75431090170659190071408126813171719309",
"157678522115897480844164175230280748608",
"37161985171631011887247797072367031586",
"67535390915801926960878685503464815783",
"45366827396109642208091888567357783542",
"285088237170502484940756692658781383876",
"135602698476873454051713026587222441972",
"73663215777797141266836468008163805182",
"95435950148497200904841179096829750864",
"217174954001912010317510623687502841557",
"279653976715509980526134319444863917095",
"176533012934462203669160414455139652648",
"277029724309103089191107801048706139508",
"143238353659365097056005863158281479922",
"221726504558076280436272102859624986373",
"138479697390760696061275083667369529011",
"283842939065212764973117180184908921770",
"315981921241938525026606573486196366912",
"317682817095151544996293344635419117349",
"43378816146862448232118425391332105295",
"164605552352124896191158892769423192199",
"161258501924634158288687523602049523729",
"182455298857777160664476819403589201702",
"65915109713320646252000739139654791984",
"158071597432579624849081072753603277252",
"227144715926899675106876236250919234680",
"104828645232027109331820383377205191834",
"52871664903745865741000303345400916809",
"191562794977818463245293520321968551378",
"30049092263592282760743007935646778188",
"329096388342410688515348453215555472347",
"18955442849319742516805496374883681756",
"338527781759303255709051295625794130673",
"217396863888995966592027498847640252785",
"54757274091901067299804988371172780308",
"155705172552043438090110581887802727000",
"115348932578231244353017881372075402579",
"45550267283356082948463188906925400971",
"271106181268095997400693338505204172248",
"79014870458553426454902249664018404919",
"196513286044505674799016839639018707250",
"207225070235696650824225505123917810916",
"3771662287613236069616799698771665693",
"333836902015743260444556393546824413923",
"5658873948882411464177002242055743710",
"288821799621751021896467734449647932768",
"190025386497606822272273689781888281430",
"113447747807630860045925890588761452333",
"84738621452473768809203435676001643677",
"312093055513304837771342992103310862481",
"305102252216207780961680919205343573671",
"13998904698740384676166271143508475797",
"165547691074515685750241188019390975047",
"283582228540275494141313426393665307490",
"166923472804827984630825297533270852208",
"119730811597351196385659538186263990227",
"325674213517256725348523708649720537314",
"333783442241703727452495912133250926223",
"234426306562494503893313705075975745821",
"298360205172736888474250130942140416659",
"125692049191960348126948697095729673680",
"230509748127096425096171086515785006839",
"305260473803562333268612624121294879101",
"290523722846281548384725257884371325911",
"289399905188392423281004488477976025580",
"17071949305494217580846235623129035776",
"19691277313472666588625658890407023253",
"106505192027071638323232178624740006418",
"305409098144489412097085403687735955863",
"77989952832798681153193699558561840687",
"311479050556961999661709235459886293342",
"123530847225940689002393720425952988312",
"89244134167468305813329748891246035924",
"139250720037447251625193348273558269399",
"112281385015752418163076419586966723419",
"248903682042886180294500682043915925393",
"215831503921888146377477691678125399780"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-26849bb1",
"target": {
"file": "include/crow/app.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"313507359345807944316742876431360507294",
"312531379085409338039787932094326032926",
"96877839320255063191841887532706315232",
"1889787201573999232941995969515666820"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-299ee70e",
"target": {
"file": "include/crow/http_server.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"179176771308710962560420685199471274518",
"122508258239385338830746217484132799030",
"109118082435682703824262910338378089855",
"256488247781470943199559653485669475323"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-71df0c38",
"target": {
"file": "include/crow/json.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"122524380980721106675981949636422885900",
"234882535746867209713223175226296615430",
"177942544145241628526823439774796657081",
"194901506599340692581975778161257661412"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-8782a06a",
"target": {
"file": "include/crow/http_connection.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"23257185175207656591290547856034309718",
"188884322748650166457278578290889460076",
"65599411412293793072991413149637660606",
"237487198300810258255713003532364659368",
"214232837542504027761954615164472310268",
"5515553167555718878877076999958941397",
"59553920910973963754928455802851058255",
"131602138700337235516351043562070463877",
"188849883887590117210774193366568160557",
"302527409971546535106871598941405759529",
"171635833792731202707677143569781355111",
"269096808306269626648147267541817482295",
"221151944161876219310842424743111120394",
"228746098761434737560344535739990617318",
"87255461712494211372435342762839623976",
"262267691709341023166314018167645609009",
"34792941249117369370863400331806368734"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-88779099",
"target": {
"file": "include/crow/mustache.h",
"function": "load"
},
"deprecated": false,
"digest": {
"function_hash": "287575781123955048104979900075719967873",
"length": 110.0
},
"signature_type": "Function",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-9d4323a6",
"target": {
"file": "include/crow/json.h",
"function": "escape"
},
"deprecated": false,
"digest": {
"function_hash": "204191044483675379121764141661263843381",
"length": 691.0
},
"signature_type": "Function",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
},
{
"id": "CVE-2021-23824-f86a49c4",
"target": {
"file": "include/crow/mustache.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"162099581623391762551084097667763895168",
"243279579843429086421829427123440591552",
"27729646556335079989917923631664481320",
"170758604772593712810658008823389633205",
"191419419061307971668790491110467767379",
"31923641268334282549809595137597329774",
"339372811886929845828192048734722593098",
"60957758119360296942378310682973869818",
"65150894221793065847095847805421330053",
"231241993418671370874560057640211673901",
"207594312623618426072648813375435649216",
"101000889827927546599743689497912205574"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/crowcpp/crow/commit/87adb19e43caf5a060674a9b67a86c8ced944892",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23824.json"