PT-2021-19950 · Unknown · Express-Hbs

Author: Agustin Gianni
Published: 2021-05-14 · Updated: 2024-03-06
CVE-2021-32817
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: express-hbs (affected versions not specified)
Description: The issue arises from express-hbs mixing pure template data with engine configuration options through the Express render API, which can lead to file disclosure in downstream applications. The impact is somewhat limited: only files that already have an extension can be included, because .hbs is appended to any file name that lacks one.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
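As an added illustration (not code from this advisory or from the express-hbs project), the defensive pattern for the bug class described above: untrusted input never reaches the render call directly, template fields are allowlisted, and engine options are supplied only by the application. Apart from the documented express-hbs `layout` local, the reserved key names and the sample input are assumptions constructed for this example.

```javascript
// Added example, not from the advisory or the express-hbs project.
// express-hbs reads engine options from the same object as template data,
// so an untrusted object passed straight to res.render() can set them.
// Mitigation: build locals from an explicit allowlist and keep engine
// options under application control. Also report what was dropped so
// the application can log attempts to smuggle option keys.

// Keys that must never be sourced from request input. `layout` is a
// documented express-hbs local; the others are assumed for illustration.
const RESERVED_KEYS = new Set(['layout', 'settings', 'cache', '_locals']);

// Copy only allowlisted, non-reserved fields from the untrusted object.
// Returns { locals, rejected } so rejected keys can be logged.
function buildLocals(untrusted, allowedFields) {
  const locals = {};
  const rejected = [];
  for (const key of Object.keys(untrusted)) {
    if (RESERVED_KEYS.has(key) || !allowedFields.includes(key)) {
      rejected.push(key);
      continue;
    }
    locals[key] = untrusted[key];
  }
  return { locals, rejected };
}

// Compose the arguments for a render call: application-owned options
// first, then filtered data. Because filtered data can never carry a
// reserved key, input cannot override the application's `layout`.
function renderArgs(view, appOptions, untrusted, allowedFields) {
  const { locals, rejected } = buildLocals(untrusted, allowedFields);
  return { view, locals: { ...appOptions, ...locals }, rejected };
}

// Constructed sample input: one legitimate field plus two keys the
// application never asked for, one of which targets an engine option.
const sampleInput = { title: 'Hello', layout: 'not-allowed', extra: 1 };
const result = renderArgs('index', { layout: 'main' }, sampleInput, ['title']);
console.log(result.locals);   // { layout: 'main', title: 'Hello' }
console.log(result.rejected); // [ 'layout', 'extra' ]
```

In a real application the `rejected` list would feed the logger rather than `console.log`, giving a simple detection signal for requests that try to set engine-level keys.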

Exploit

Code Injection
Information Disclosure

Weakness Enumeration

Related Identifiers
BIT-HANDLEBARS-2021-32817
CVE-2021-32817
GHSA-RWXP-HWWF-653V

Affected Products
Express-Hbs