WS-2019-0331 (Medium) detected in handlebars-4.0.10.tgz #22

dev-mend-for-github-com · 2022-01-31T12:11:27Z

WS-2019-0331 - Medium Severity Vulnerability

Vulnerable Library - handlebars-4.0.10.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.0.10.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

❌ handlebars-4.0.10.tgz (Vulnerable Library)

Found in HEAD commit: f54f834a8df51dd444de7ce0e914d6aaa8c707dc

Found in base branch: dev_branch

Vulnerability Details

Arbitrary Code Execution vulnerability found in handlebars before 4.5.2. Lookup helper fails to validate templates. Attack may submit templates that execute arbitrary JavaScript in the system.

Publish Date: 2019-11-13

URL: WS-2019-0331

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/1316

Release Date: 2019-11-13

Fix Resolution: 4.1.2-0

⛑️ Automatic Remediation is available for this issue

dev-mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 31, 2022

dev-mend-for-github-com bot mentioned this issue Jan 31, 2022

Update dependency handlebars to v4.7.4 (dev_branch) #25

Open

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2019-0331 (Medium) detected in handlebars-4.0.10.tgz #22

WS-2019-0331 (Medium) detected in handlebars-4.0.10.tgz #22

dev-mend-for-github-com bot commented Jan 31, 2022

WS-2019-0331 (Medium) detected in handlebars-4.0.10.tgz #22

WS-2019-0331 (Medium) detected in handlebars-4.0.10.tgz #22

Comments

dev-mend-for-github-com bot commented Jan 31, 2022

WS-2019-0331 - Medium Severity Vulnerability