Intel

AIKIDO-2026-273611

squirrelly is vulnerable to Code Injection

Code Injection Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Today

81

High Risk

This Affects:

JSsquirrelly
8.0.0 - 9.1.0
Fixed in 9.1.1
Are you affected? Scan for Free

TL;DR

The template compiler in compile-string.ts embeds the defaultFilter configuration option directly into the generated JavaScript function source without escaping. When an application forwards attacker-controlled data into the Squirrelly render options, a crafted defaultFilter value breaks out of the generated string literal and injects arbitrary code that runs while the template is compiled and rendered. This results in remote code execution in the Node.js process. The fix serializes the filter name with JSON.stringify before embedding it so the value is treated as data rather than code.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application passes untrusted input into the Squirrelly configuration options (for example forwarding request data as render options).

Background info

squirrelly is vulnerable to Code Injection in versions 8.0.0 - 9.1.0.

How to fix this

Upgrade the squirrelly library to the patch version.