Handlebarsjs Handlebars 4.0.6 for Node.js

CPE Details

2020-10-02 15h12 +00:00
2020-10-02 15h12 +00:00

CPE Name: cpe:2.3:a:handlebarsjs:handlebars:4.0.6:*:*:*:*:node.js:*:*

Information

Vendor

handlebarsjs

Product

handlebars

Version

4.0.6

Target Software

node.js

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2021-23383 | 2021-05-04 08h35 +00:00 | The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. | 9.8 | Critical |
| CVE-2021-23369 | 2021-04-12 13h10 +00:00 | The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | 9.8 | Critical |
| CVE-2019-20920 | 2020-09-30 10h30 +00:00 | Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). | 8.1 | High |
| CVE-2019-20922 | 2020-09-30 10h30 +00:00 | Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. | 7.5 | High |