CVE-2021-32819

nvd nist nuclei

Published: May 14, 2021Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023.

Affected (1)

Products: Squirrelly: Squirrelly

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Squirrelly Squirrelly	Version 8.0.8

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e

Source: security-advisories@github.com

https://github.com/squirrellyjs/squirrelly/commit/dca7a1e7ee91d8a6ffffb655f3f15647486db9da

Source: security-advisories@github.com

https://github.com/squirrellyjs/squirrelly/pull/254

Source: security-advisories@github.com

https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/squirrellyjs/squirrelly/commit/dca7a1e7ee91d8a6ffffb655f3f15647486db9da

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/squirrellyjs/squirrelly/pull/254

Source: af854a3a-2127-422b-91ae-364da2661108

https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.