Candidate: CVE-2021-23369
PublicDate: 2021-04-12 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369
 https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
 https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
 https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
Description:
 The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when certain compile options are selected while compiling templates that come from an untrusted source.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_node-handlebars:
upstream_node-handlebars: released (4.7.7)
precise/esm_node-handlebars: DNE
trusty_node-handlebars: ignored (out of standard support)
trusty/esm_node-handlebars: DNE
xenial_node-handlebars: DNE
bionic_node-handlebars: needed
focal_node-handlebars: needed
groovy_node-handlebars: ignored (reached end-of-life)
hirsute_node-handlebars: ignored (reached end-of-life)
impish_node-handlebars: needed
jammy_node-handlebars: needed
devel_node-handlebars: needed

Patches_libjs-handlebars:
upstream_libjs-handlebars: needs-triage
precise/esm_libjs-handlebars: DNE
trusty_libjs-handlebars: ignored (out of standard support)
trusty/esm_libjs-handlebars: DNE
xenial_libjs-handlebars: DNE
bionic_libjs-handlebars: DNE
focal_libjs-handlebars: DNE
groovy_libjs-handlebars: DNE
hirsute_libjs-handlebars: DNE
impish_libjs-handlebars: DNE
jammy_libjs-handlebars: DNE
devel_libjs-handlebars: DNE