GHSA-q42p-pg8m-cqh6
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q42p-pg8m-cqh6
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-q42p-pg8m-cqh6/GHSA-q42p-pg8m-cqh6.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q42p-pg8m-cqh6
- Related
- Published
- 2019-06-05T14:07:48Z
- Modified
- 2021-08-04T20:54:05Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Prototype Pollution in handlebars
- Details
-
Versions of
handlebarsprior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.Recommendation
For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or later.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-471" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2019-06-05T13:55:39Z" }- References
-
- https://github.com/handlebars-lang/handlebars.js/issues/1495
- https://github.com/handlebars-lang/handlebars.js/commit/0d6d8c335ad81bad1b672fc56b6a44f6aa472dac
- https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86
- https://github.com/handlebars-lang/handlebars.js/commit/85c8783b34fc6d36145d8b53885ad0b9e3c3f9c4
- https://github.com/handlebars-lang/handlebars.js/commit/cd38583216dce3252831916323202749431c773e
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
- https://www.npmjs.com/advisories/755
Affected packages
npm / handlebars
Package
- Name
- handlebars
- View open source insights on deps.dev
- Purl
- pkg:npm/handlebars
npm / handlebars
Package
- Name
- handlebars
- View open source insights on deps.dev
- Purl
- pkg:npm/handlebars
npm / handlebars
Package
- Name
- handlebars
- View open source insights on deps.dev
- Purl
- pkg:npm/handlebars