Home > Vulnerability Database > CVE-2021-32819

Mend Vulnerability Database

CVE-2021-32819

Good to know:

Date: May 14, 2021

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.

Language: JS

Severity Score

8.8

Related Resources (4)

Url: https://www.npmjs.com/package/squirrelly

Url: https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32819

Url: https://www.mend.io/vulnerability-database/CVE-2021-32819

Severity Score

8.8

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

No fix version available

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2021-32819

Good to know:

Date: May 14, 2021

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?