CVE-2021-32819: Code Injection

May 14, 2021 (updated May 22, 2023)

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE.

References

nvd.nist.gov/vuln/detail/CVE-2021-32819

Detect and mitigate CVE-2021-32819 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →