CVE-2021-23369

ADVISORY - github

Summary

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

EPSS Score⁠: 0.0966 (0.949)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - github

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-78⁠

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-94⁠

Improper Control of Generation of Code ('Code Injection')

Impacted images

Advisories

NIST

CREATED

4 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2021-23369⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

CVSS SCORE

5.6medium

GitHub

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY IDGHSA-f2jv-r9rf-7988⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

9.8critical

Debian

CREATED

4 years ago

UPDATED

14 days ago

ADVISORY IDCVE-2021-23369⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

4 years ago

UPDATED

11 months ago

ADVISORY IDCVE-2021-23369⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

GitLab

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2021-23369

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-78⁠CWE-937⁠

CVSS SCORE

9.8critical

Red Hat

CREATED

4 years ago

UPDATED

2 years ago

ADVISORY IDCVE-2021-23369⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-94⁠

CVSS SCORE

9.8medium

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-44wj-j3rp-jg3r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-34fq-39h3-rp79

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

CGA-f7wm-hj4q-98qg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-7q4q-cg78-9mmw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY ID

CGA-fcr2-5h35-fxrr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-935r-hqf5-5h8w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-gpgr-qvpf-p6g6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-h4r8-mwvm-9f5x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

7 months ago

UPDATED

7 months ago

ADVISORY ID

CGA-5h6j-66g8-3g72

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-hxpx-gx9p-8g9h

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 months ago

UPDATED

5 months ago

ADVISORY ID

CGA-j32v-gr6p-r9qw

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-c3wc-jmpm-9grp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

CGA-2fmf-wwvq-6h59

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY ID

CGA-cq48-388r-pjpg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 month ago

UPDATED

1 month ago

ADVISORY ID

CGA-48g6-fmc5-qr8r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY ID

CGA-2864-8f4w-cf62

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

13 days ago

UPDATED

13 days ago

ADVISORY ID

CGA-7rxh-r32r-wf5x

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

intheWild

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDCVE-2021-23369⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY