CVE-2021-32819 HIGH

CVE-2021-32819: Remote code execution in squirrelly

Vendor: Squirrellyjs
Product: squirrelly
Weakness: CWE-200 · Info exposure
Published: May 14, 2021
Last update: August 3, 2024

CVSS base score

8.0/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details, refer to the referenced GHSL-2021-023.
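A downstream-side guard for the data/options mixing described above, as an added example (not code from squirrelly or from the advisory). It assumes an Express application that builds its render argument from request input; the field allowlist, the `input` wrapper key, the function names and the sample query are all hypothetical.

```javascript
// Added example: keep request-derived keys out of the top level of the
// object handed to res.render(), where data and engine options are mixed.

// Fields the template is allowed to receive (assumption for this example).
const ALLOWED_FIELDS = ['name', 'greeting'];

// Copy only allowlisted, own, primitive-valued fields into a
// prototype-less object; everything else is dropped and reported.
function pickTemplateData(untrusted, allowed = ALLOWED_FIELDS) {
  const data = Object.create(null);
  const dropped = [];
  if (untrusted === null || typeof untrusted !== 'object') {
    return { data, dropped };
  }
  for (const key of Object.keys(untrusted)) {
    const value = untrusted[key];
    const primitive = ['string', 'number', 'boolean'].includes(typeof value);
    if (allowed.includes(key) && primitive) {
      data[key] = value;
    } else {
      dropped.push(key);
    }
  }
  return { data, dropped };
}

// Build the render argument: untrusted values live under one fixed key
// ("input"), so no request-controlled name appears at the top level.
function buildRenderArgs(untrusted) {
  const { data, dropped } = pickTemplateData(untrusted);
  return { locals: { title: 'Profile', input: data }, dropped };
}

// Constructed sample standing in for req.query; "someEngineOption" is a
// hypothetical key, not a real squirrelly option name.
const sampleQuery = {
  name: 'alice',
  greeting: { nested: 'object' },
  someEngineOption: 'attacker-chosen value',
};

const result = buildRenderArgs(sampleQuery);
console.log(Object.keys(result.locals)); // top-level keys are fixed by the app
console.log(result.dropped);             // keys that were refused
// In an Express handler: res.render('profile', result.locals);
```

Logging the `dropped` list gives a cheap signal that a client is sending keys the template never asked for. The guard complements, and does not replace, moving to the fixed version 9.0.0.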

Key dates

02 Disclosure timeline

May 14, 2021: CVE published
August 3, 2024: Record updated