History: Sep 30, 2020 - 4:18 p.m.

CVE-2019-20920

2020-09-30 16:18:42
redhat.com
access.redhat.com
nodejs handlebars
arbitrary code execution
template validation
cross-site scripting
confidentiality

EPSS: 0.007

Percentile: 80.3%

A flaw was found in nodejs-handlebars: affected versions of handlebars are vulnerable to arbitrary code execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. This issue can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as Cross-Site Scripting). The highest threat from this vulnerability is to confidentiality.