Home > Vulnerability Database > CVE-2021-32819

Mend.io Vulnerability Database

CVE-2021-32819

Date: May 13, 2021

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023.

Language: JS

Severity Score

8.0

Related Resources (8)

Url: https://github.com/squirrellyjs/squirrelly

Url: https://github.com/squirrellyjs/squirrelly/commit/dca7a1e7ee91d8a6ffffb655f3f15647486db9da

Url: https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e

Url: https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32819

Url: https://github.com/squirrellyjs/squirrelly/pull/254

Url: https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly

Url: https://www.mend.io/vulnerability-database/CVE-2021-32819

Severity Score

8.0

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32819

Date: May 13, 2021

Language: JS

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?