Filtered by vendor Handlebarsjs
Subscriptions
Filtered by product Handlebars
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-23369 | 2 Handlebarsjs, Redhat | 5 Handlebars, Acm, Jboss Enterprise Bpms Platform and 2 more | 2024-09-16 | 5.6 Medium |
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
CVE-2021-23383 | 3 Handlebarsjs, Netapp, Redhat | 6 Handlebars, E-series Performance Analyzer, Acm and 3 more | 2024-09-16 | 5.6 Medium |
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
CVE-2019-20922 | 2 Handlebarsjs, Redhat | 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more | 2024-08-05 | 7.5 High |
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. | ||||
CVE-2019-20920 | 2 Handlebarsjs, Redhat | 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more | 2024-08-05 | 8.1 High |
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS). |
Page 1 of 1.