Information disclosure in Express-handlebars

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure v…

Vulnerability class: Information Disclosure

EPSS: 0.861 (99.4th percentile)

Frequently asked questions

What is CVE-2021-32820?
CVE-2021-32820 is a vulnerability in Express-handlebars, classified under Information Disclosure. Published 2021-05-14.

Is CVE-2021-32820 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.