Upgrade oc-template-handlebars to latest version to fix security issue #1169

Closed
chriscartlidge opened this issue May 27, 2020 · 0 comments · Fixed by opencomponents/oc-client-node#104 or #1173

Comments

@chriscartlidge
Contributor

Who is the bug affecting?

Any component that is using the handlebars template version 6.0.17 and below.

What is affected by this bug?

  • Node-Client
  • Browser-Client

When does this occur?

Versions of handlebars <4.5.3 have a security vulnerability which can lead to a cross-site scripting attack.

Where on the platform does it happen?

  • Clients

How do we replicate the issue?

See: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988

Expected behaviour (i.e. solution)

  • OC is using the latest version of handlebars which doesn't have the XSS problem.

What version of OC, Node.js and OS are you using?

  • OC@0.48.7 & below

Other Comments
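
One way to check a project for the affected handlebars range named in this issue (<4.5.3), as an added example that is not part of the original issue or the OC code base. The function names, the sample lock data and the nested handlebars version are constructed for illustration; it handles both the nested `dependencies` layout (lockfileVersion 1) and the flat `packages` layout (lockfileVersion 2/3) of a parsed `package-lock.json`.

```javascript
// Added example: list handlebars copies below 4.5.3 in a parsed package-lock.json.
const FIXED = [4, 5, 3]; // versions below this are affected, per the report above

// Parse "major.minor.patch"; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable (e.g. a git URL): flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== floor[i]) return p[i] < floor[i];
  }
  return false;
}

// Returns [{ path, version }] for every handlebars entry below FIXED.
function findVulnerableHandlebars(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by node_modules path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isHbs = /(^|\/)node_modules\/handlebars$/.test(path);
      if (isHbs && isBelow(meta.version, FIXED)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // lockfileVersion 1: nested dependency tree; transitive copies sit under their parent.
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(" > ");
      if (name === "handlebars" && isBelow(meta.version, FIXED)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, trail.concat(name));
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lock data (not taken from a real OC install).
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    handlebars: { version: "4.7.6" },
    "oc-template-handlebars": { version: "6.0.17", dependencies: { handlebars: { version: "4.1.2" } } },
  },
};
console.log(findVulnerableHandlebars(SAMPLE_LOCK));
```

To run it against a real project, pass the result of `JSON.parse` on the project's `package-lock.json` instead of `SAMPLE_LOCK`.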
