Lucene search
MitreCVELIST:CVE-2019-20920HistorySep 30, 2020 - 12:30 p.m.
CVE-2019-20920
2020-09-3012:30:56
mitre
www.cve.org
16
handlebars
arbitrary code execution
lookup helper
templates
javascript
server
xss
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS).
Related
osv
osv
CVE-2019-20920
2020-09-30 18:15:17
Arbitrary Code Execution in Handlebars
2022-02-10 20:38:19
debiancve
debiancve
CVE-2019-20920
2020-09-30 18:15:17
nvd
nvd
CVE-2019-20920
2020-09-30 18:15:17
veracode
veracode
Arbitrary Code Execution
2019-11-20 03:17:20
redhatcve
redhatcve
CVE-2019-20920
2020-09-30 16:18:42
cve
cve
CVE-2019-20920
2020-09-30 18:15:17
prion
prion
Cross site scripting
2020-09-30 18:15:00
ubuntucve
ubuntucve
CVE-2019-20920
2020-09-30 00:00:00
github
github
Arbitrary Code Execution in Handlebars
2022-02-10 20:38:19
redhat
redhat
nessus
nessus
RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)
2020-11-24 00:00:00
ibm
ibm