CVE-2021-32819

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32819
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32819.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32819
Aliases
Published
2021-05-14T19:15:07Z
Modified
2025-01-15T01:54:41.316749Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details, refer to the referenced GHSL-2021-023.

References

Affected packages

Git / github.com/squirrellyjs/squirrelly

Affected ranges

Type
GIT
Repo
https://github.com/squirrellyjs/squirrelly
Events

Affected versions

v8.*

v8.0.0
v8.0.0-beta.0
v8.0.0-beta.1
v8.0.0-beta.10
v8.0.0-beta.11
v8.0.0-beta.12
v8.0.0-beta.2
v8.0.0-beta.3
v8.0.0-beta.4
v8.0.0-beta.5
v8.0.0-beta.6
v8.0.0-beta.7
v8.0.0-beta.8
v8.0.0-beta.9
v8.0.1
v8.0.2
v8.0.3
v8.0.4
v8.0.5
v8.0.6
v8.0.7
v8.0.8