How severe is CVE-2021-32817?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2021-32817?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2021-32817 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them. For complete details refer to the referenced GHSL-2021-019 report. Notes in documentation have been added to help users of express-hbs avoid this potential information exposure vulnerability.

Related Vulnerabilities

CVE-2016-0723

MEDIUM

CVSS:6.8(Medium)

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (u...

CWE-2002016

CVE-2016-1187

MEDIUM

CVSS:6.8(Medium)

Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.

CWE-2002016

CVE-2016-2981

MEDIUM

CVSS:6.8(Medium)

An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965.

CWE-2002016

CVE-2016-5972

MEDIUM

CVSS:6.8(Medium)

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive inf...

CWE-2002016

CVE-2016-6034

MEDIUM

CVSS:6.8(Medium)

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges.

CWE-2002016

CVE-2017-7526

MEDIUM

CVSS:6.8(Medium)

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion....

CWE-2002017