{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T07:35:26.987","vulnerabilities":[{"cve":{"id":"CVE-2021-32819","sourceIdentifier":"security-advisories@github.com","published":"2021-05-14T19:15:07.920","lastModified":"2024-11-21T06:07:48.903","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023."},{"lang":"es","value":"Squirrelly es un motor de plantillas implementado en JavaScript que funciona de inmediato con ExpressJS. Squirrelly mezcla datos de plantilla puros con opciones de configuración del motor mediante la API de renderizado Express. Al sobrescribir las opciones de configuración internas, puede ser desencadenada una ejecución de código remota en aplicaciones posteriores. Actualmente no presenta una solución para estos problemas a partir de la publicación de este CVE. La última versión de squirrelly es actualmente la versión 8.0.8. Para obtener detalles completos, consulte la referencia GHSL-2021-023"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squirrelly:squirrelly:8.0.8:*:*:*:*:*:*:*","matchCriteriaId":"4A508EA2-C18C-426B-A8A4-F5DD122C1F44"}]}]}],"references":[{"url":"https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e","source":"security-advisories@github.com"},{"url":"https://github.com/squirrellyjs/squirrelly/commit/dca7a1e7ee91d8a6ffffb655f3f15647486db9da","source":"security-advisories@github.com"},{"url":"https://github.com/squirrellyjs/squirrelly/pull/254","source":"security-advisories@github.com"},{"url":"https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/squirrellyjs/squirrelly/commit/dca7a1e7ee91d8a6ffffb655f3f15647486db9da","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/squirrellyjs/squirrelly/pull/254","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://securitylab.github.com/advisories/GHSL-2021-023-squirrelly/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}