Lucene search
GoogleOSV:GHSA-3CQR-58RM-57F8HistoryFeb 10, 2022 - 8:38 p.m.
Arbitrary Code Execution in Handlebars
2022-02-1020:38:19
Google
osv.dev
91
handlebars
arbitrary code execution
vulnerable software
javascript
xss
EPSS
0.007
Percentile
80.3%
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS).
References
github.com/handlebars-lang/handlebars.js/commit/156061eb7707575293613d7fdf90e2bdaac029ee
github.com/handlebars-lang/handlebars.js/commit/d54137810a49939fd2ad01a91a34e182ece4528e
nvd.nist.gov/vuln/detail/CVE-2019-20920
snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
www.npmjs.com/advisories/1316
www.npmjs.com/advisories/1324
www.npmjs.com/package/handlebars
Related
osv
osv
CVE-2019-20920
2020-09-30 18:15:17
debiancve
debiancve
CVE-2019-20920
2020-09-30 18:15:17
nvd
nvd
CVE-2019-20920
2020-09-30 18:15:17
veracode
veracode
Arbitrary Code Execution
2019-11-20 03:17:20
redhatcve
redhatcve
CVE-2019-20920
2020-09-30 16:18:42
cve
cve
CVE-2019-20920
2020-09-30 18:15:17
prion
prion
Cross site scripting
2020-09-30 18:15:00
ubuntucve
ubuntucve
CVE-2019-20920
2020-09-30 00:00:00
cvelist
cvelist
CVE-2019-20920
2020-09-30 12:30:56
github
github
Arbitrary Code Execution in Handlebars
2022-02-10 20:38:19
redhat
redhat
nessus
nessus
RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)
2020-11-24 00:00:00
ibm
ibm