CVE-2021-32819

Source
https://cve.org/CVERecord?id=CVE-2021-32819
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32819.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32819
Aliases
Published
2021-05-14T19:15:07.920Z
Modified
2026-07-08T22:13:53.068574Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023.

References

Affected packages

Git / github.com/bgub/squirrelly

Affected ranges

Type
GIT
Repo
https://github.com/bgub/squirrelly
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:squirrelly:squirrelly:8.0.8:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.0.8"
        },
        {
            "last_affected": "8.0.8"
        }
    ]
}

Affected versions

8.*
8.0.8
v8.*
v8.0.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32819.json"