Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.webjars.npm/handlebars@4.1.2

Type maven

Namespace org.webjars.npm

Name handlebars

Version 4.1.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.7.7

Latest_non_vulnerable_version 4.7.7

Affected_by_vulnerabilities

url VCID-xxez-8xav-cfdz

vulnerability_id VCID-xxez-8xav-cfdz

summary

Remote code execution in handlebars when compiling templates
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when
selecting certain compiling options to compile templates coming from an untrusted source.
This vulnerability has been assigned the CVE identifier CVE-2021-23369.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23369.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23369.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23369

reference_id

reference_type

scores

value	0.03582
scoring_system	epss
scoring_elements	0.87954
published_at	2026-06-04T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87978
published_at	2026-06-06T12:55:00Z

value	0.03582
scoring_system	epss
scoring_elements	0.87975
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23369

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369

reference_url

https://github.com/advisories/GHSA-f2jv-r9rf-7988

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

url

https://github.com/advisories/GHSA-f2jv-r9rf-7988

reference_url

https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8

reference_url

https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427

reference_url

https://github.com/wycats/handlebars.js

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/wycats/handlebars.js

reference_url

https://security.netapp.com/advisory/ntap-20210604-0008

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210604-0008

reference_url	https://security.netapp.com/advisory/ntap-20210604-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210604-0008/

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951

reference_url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952

reference_url

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1948761
reference_id	1948761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1948761

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-23369

reference_id

CVE-2021-23369

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-23369

reference_url	https://access.redhat.com/errata/RHSA-2021:2500
reference_id	RHSA-2021:2500
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2500

reference_url	https://access.redhat.com/errata/RHSA-2021:4032
reference_id	RHSA-2021:4032
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4032

reference_url	https://access.redhat.com/errata/RHSA-2021:4628
reference_id	RHSA-2021:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:1334
reference_id	RHSA-2023:1334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1334

fixed_packages

url	pkg:maven/org.webjars.npm/handlebars@4.7.7
purl	pkg:maven/org.webjars.npm/handlebars@4.7.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars.npm/handlebars@4.7.7

aliases CVE-2021-23369, GHSA-f2jv-r9rf-7988

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxez-8xav-cfdz

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.webjars.npm/handlebars@4.1.2

Package Instance