Remote Code Execution (RCE)
CVE-2021-23369

5.6MEDIUM

Key Information:

Vendor

Handlebarsjs

Status
Handlebars
Vendor
CVE Published:
12 April 2021

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-23369?

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

Affected Version(s)

handlebars < 4.7.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-23369
Created by fazilbaig1

References

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
x_refsource_MISC

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Francois Lajeunesse-Robert
.
CVE-2021-23369 : Remote Code Execution (RCE)