PT-2021-19952 · Unknown · Squirrelly

Agustin Gianni · Published 2021-05-14 · Updated 2023-05-22 · CVE-2021-32819

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Squirrelly versions prior to 9.0.0
Description: Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. It mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications.
Recommendations: For versions prior to 9.0.0, update to version 9.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the Express render API to minimize the risk of exploitation.
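The workaround above amounts to never letting an untrusted object reach the render API as a whole. The following is an added example, not code from Squirrelly, Express or this advisory, showing the pattern side by side: a route that forwards the raw query object to `res.render` (so any client-supplied key is merged into the options the engine reads) and a hardened route that copies only an allowlist of string-valued template variables into a fresh, prototype-less object. The names `pickTemplateData`, `ALLOWED_FIELDS`, `renderProfileVulnerable`, `renderProfileHardened` and `fakeRes`, and the sample request, are constructed for the illustration; `fakeRes` stands in for Express' response object so the example runs offline.

```javascript
// Added example (not Squirrelly's or the advisory's code): keep untrusted
// request data out of the options object handed to res.render().
// All identifiers below are hypothetical, constructed for this illustration.

// Constructed allowlist: the only fields the template actually needs.
const ALLOWED_FIELDS = ['name', 'bio'];

// Copy allowlisted, string-valued own properties into a prototype-less object.
// Every other key, including any that happens to match an engine setting, is
// dropped and reported; with strict=true the request is rejected outright so
// the misuse shows up in logs instead of being silently discarded.
function pickTemplateData(untrusted, allowed = ALLOWED_FIELDS, { strict = false } = {}) {
  const picked = Object.create(null);
  const rejected = [];
  for (const key of Object.keys(untrusted ?? {})) {
    if (allowed.includes(key) && typeof untrusted[key] === 'string') {
      picked[key] = untrusted[key];
    } else {
      rejected.push(key);
    }
  }
  if (strict && rejected.length > 0) {
    throw new Error(`unexpected render fields: ${rejected.join(', ')}`);
  }
  return { data: picked, rejected };
}

// Before: the whole query object becomes the render options, so the client
// controls every key that is merged with the engine's configuration.
function renderProfileVulnerable(res, req) {
  return res.render('profile', req.query);
}

// After: only allowlisted template variables reach the engine; anything
// else is logged for detection and never forwarded.
function renderProfileHardened(res, req) {
  const { data, rejected } = pickTemplateData(req.query);
  if (rejected.length > 0) {
    console.warn('dropped non-template render fields:', rejected.join(', '));
  }
  return res.render('profile', data);
}

// Constructed stand-in for Express' res: records what reaches the engine.
function fakeRes() {
  const calls = [];
  return {
    calls,
    render(view, opts) {
      calls.push({ view, opts: { ...opts } });
    },
  };
}

// Runs both routes on the same constructed request and returns what each
// would have passed to the template engine.
function demo() {
  const req = { query: { name: 'alice', bio: 'hello', settings: 'x' } }; // constructed
  const vulnerable = fakeRes();
  const hardened = fakeRes();
  renderProfileVulnerable(vulnerable, req);
  renderProfileHardened(hardened, req);
  return { vulnerable: vulnerable.calls[0].opts, hardened: hardened.calls[0].opts };
}

console.log(demo());
```

The allowlist is deliberately positive: the route names the fields it needs rather than trying to enumerate engine option names to block, so it stays correct when the engine gains new settings. Logging the dropped keys gives a cheap detection signal for requests that probe the render API with unexpected fields.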

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-32819
GHSA-Q8J6-PWQX-PM96

Affected Products

Express.Js
Squirrelly