WS-2019-0332 (Medium) detected in handlebars-4.1.0.tgz #11
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2019-0332 - Medium Severity Vulnerability
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.1.0.tgz
Path to dependency file: dotenv-expand/package.json
Path to vulnerable library: dotenv-expand/node_modules/handlebars/package.json
Dependency Hierarchy:
Found in HEAD commit: 76f2af744d235e83423a6b3d04a4f551c958641e
Found in base branch: master
Arbitrary Code Execution vulnerability found in handlebars before 4.5.3. Lookup helper fails to validate templates. Attack may submit templates that execute arbitrary JavaScript in the system.It is due to an incomplete fix for a WS-2019-0331.
Publish Date: 2019-11-17
URL: WS-2019-0332
Base Score Metrics not available
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1324
Release Date: 2019-11-17
Fix Resolution: handlebars - 4.5.3
The text was updated successfully, but these errors were encountered: