PT-2021-19954 · Unknown · Express-Handlebars

Agustin Gianni (+1)

Published 2021-05-14 · Updated 2024-03-06

CVE-2021-32820

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Express-handlebars (affected versions not specified)
Description: Express-handlebars is a Handlebars view engine for Express. Express's res.render(view, locals) hands the locals object to the view engine as both template data and engine configuration, so an application that forwards request-controlled data into res.render (for example req.query or req.body) lets the caller set the engine's layout option. The engine resolves that value as a path relative to its layouts directory and reads the file as the layout template, so a value containing ../ sequences discloses files outside the views directory in the rendered response. The issue is restricted to files that already carry an extension: a value without one gets .handlebars appended before lookup, so extension-less targets cannot be read this way. The root cause is the mixing of pure template data with engine configuration options through the Express render API.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Until one is available, do not pass request-controlled objects straight to res.render; build the locals object from an allowlist of the fields the template actually uses, and set layout explicitly from application code so that a request-supplied value is never honoured.

Exploit

Code Injection

Information Disclosure

Weakness Enumeration

Related Identifiers

BIT-HANDLEBARS-2021-32820
CVE-2021-32820
GHSA-FR76-2WP8-FP92

Affected Products

Express-Handlebars