15 matches found
Nodejs Squirrelly - Remote Code Execution
Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...
Exploit for Code Injection in Squirrelly
CVE-2024-40453 - Squirrelly v9.0.0 RCE Disclaimer: This sc...
CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
@miragon/miranum-cli (>=0.5.5 <=0.5.12) potentially affected by CVE-2024-40453 via squirrelly (=9.0.0)
squirrelly NPM version =9.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on squirrelly and may be impacted: - @miragon/miranum-cli =0.5.5, =0.5.12 Source cves: CVE-2024-40453 Source advisory: OSV:GHSA-W5PW-GMCW-RFC8...
Squirrelly 安全漏洞
Squirrelly is a modern, configurable, and ultra-fast template engine implemented in JavaScript by Squirrelly Open Source. A security vulnerability exists in Squirrelly version v9.0.0, which stems from the discovery of a contained code injection vulnerability via the component options.varName...
CVE-2024-40453
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName...
VulnCheck KEV: CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
Insecure template handling in Squirrelly
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
GHSA-Q8J6-PWQX-PM96 Insecure template handling in Squirrelly
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
Remote code execution
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
PT-2021-19952 · Unknown +1 · Squirrelly +1
Name of the Vulnerable Software and Affected Versions: Squirrelly versions prior to 9.0.0 Description: Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. It mixes pure template data with engine configuration options through the Express render API. ...
Squirrelly 信息泄露漏洞
npm Npm squirrelly is an application from the American company npm. It provides a modern, configurable and powerful Express template engine implemented in JavaScript. Squirrelly suffers from an information disclosure vulnerability that stems from mixing pure template data with engine configuratio...
CVE-2021-32819
CVE-2021-32819 - Nodejs Squirrelly RCE : The Squirrelly template engine for Node.js is vulnerable when Express’s render API is used to mix template data with engine configuration options, enabling remote code execution in downstream applications. The root cause is overwriting internal configurati...