Lucene search
+L

8 matches found

Nuclei
Nuclei
added 2 days ago149 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS8.7AI score0.59844EPSS
Exploits2
OSV
OSV
added 2021/05/17 8:58 p.m.29 views

GHSA-Q8J6-PWQX-PM96 Insecure template handling in Squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8CVSS8.9AI score0.59844EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2021/05/17 8:58 p.m.58 views

Insecure template handling in Squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8.8CVSS8.9AI score0.59844EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2021/05/14 7:15 p.m.15 views

CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8.8CVSS0.59844EPSS
Exploits2References4
OSV
OSV
added 2021/05/14 7:15 p.m.20 views

CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8.8CVSS7.4AI score
Exploits0References4
Prion
Prion
added 2021/05/14 7:15 p.m.19 views

Remote code execution

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

6.8CVSS8.7AI score0.59844EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2021/05/14 12:0 a.m.127 views

CVE-2021-32819

CVE-2021-32819 - Nodejs Squirrelly RCE : The Squirrelly template engine for Node.js is vulnerable when Express’s render API is used to mix template data with engine configuration options, enabling remote code execution in downstream applications. The root cause is overwriting internal configurati...

8.8CVSS8.3AI score0.59844EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2021/05/14 12:0 a.m.26 views

CVE-2021-32819 Remote code execution in squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

8CVSS9AI score0.59844EPSS
Exploits2References4
Rows per page
Query Builder