CVE-2021-23369
Description
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.808
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2023-5363,CVE-2021-23369,CVE-2021-23383,CVE-2018-9206 are fixed in Nessus 6.3.1 | Windows |
| Vulnerabilities CVE-2023-5363,CVE-2021-23369,CVE-2021-23383,CVE-2018-9206 are fixed in Tenable Nessus 6.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Vulnerabilities CVE-2021-23369 are fixed in WebJars - handlebars 4.7.7 | Windows |
| Vulnerabilities CVE-2021-23369 are fixed in WebJars - handlebars.js 4.7.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.1 | Windows |
| Vulnerabilities CVE-2021-23369 are fixed in WebJars - handlebars for Linux 4.7.7 | Linux |
| Vulnerabilities CVE-2021-23369 are fixed in WebJars - handlebars.js for Linux 4.7.7 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234