2 matches found
Remote Code Execution (RCE)
squirrelly is vulnerable to remote code execution. The vulnerability exists because of insecure template handling, which allows overwriting of internal configuration options that can trigger remote code execution...
GHSA-RWXP-HWWF-653V Insecure template handling in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...