WS-2019-0103 (Medium) detected in handlebars-4.0.10.tgz #16

dev-mend-for-github-com · 2022-01-31T12:11:15Z

WS-2019-0103 - Medium Severity Vulnerability

Vulnerable Library - handlebars-4.0.10.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

Found in base branch: dev_branch

Vulnerability Details

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Publish Date: 2019-01-30

CVSS 3 Score Details (5.6)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-01-30

Fix Resolution: 4.0.13

⛑️ Automatic Remediation is available for this issue

The text was updated successfully, but these errors were encountered:

dev-mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 31, 2022

dev-mend-for-github-com bot mentioned this issue Jan 31, 2022

Update dependency handlebars to v4.7.4 (dev_branch) #25

Open

1 task