CVE-2021-23369
Remote Code Execution (RCE)
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
We have discovered 36,995 live websites that are affected by CVE-2021-23369.
Affected Software
| Product |  Handlebars |
| Category | JavaScript Frameworks |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 95 |
| Vulnerable Domains | 36,995 live websites (81.21% of Handlebars install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2021-23369 and the relative popularity of websitesDetails
- Published - Apr 12, 2021
- Updated - Jun 4, 2021
Credits
- Francois Lajeunesse-Robert
CVE References
CWE References
Countries
 United States | 19,788 websites |
 Germany | 1,809 websites |
 Canada | 1,594 websites |
 GB | 1,587 websites |
 France | 1,023 websites |
 Australia | 977 websites |
 Italy | 829 websites |
 Netherlands | 752 websites |
 Spain | 589 websites |
 Poland | 563 websites |
TLDs
| .com | 21,277 websites |
| .org | 1,713 websites |
| .de | 1,236 websites |
| .net | 906 websites |
| .co.uk | 747 websites |
| .com.au | 717 websites |
| .ca | 650 websites |
| .it | 578 websites |
| .nl | 543 websites |
| .pl | 467 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2021-23369 through included software libraries and plugins.References
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
- https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
- https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
- https://security.netapp.com/advisory/ntap-20210604-0008/
Websites affected by CVE-2021-23369
Top websites that are affected by CVE-2021-23369. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.********.com | United States | *,*** | |
| ***.*********.com | United States | *,*** | |
| ***.**********.com | United States | *,*** | |
| ***.****.gov | United States | *,*** | |
| ****.*********.com | United States | *,*** | |
| ***.*****.com | United States | *,*** | |
| **********.*********.com | United States | *,*** | |
| ********.*********.com | United States | *,*** | |
| **.ms |  Montserrat | *,*** | |
| ***.************.**.uk | GB | *,*** |