express-handlebars is vulnerable to information disclosure. The vulnerability exists due to the mixing of untrusted data with the express-handlebars options passed to the template data.
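One way to keep request data from being mixed with render options, shown as an added example that is not code from express-handlebars or the linked advisories. The names `pickTemplateData`, `buildRenderContext`, `PROFILE_FIELDS` and the sample query are hypothetical, and `someRenderOption` is a placeholder for any option key the engine would honour.

```javascript
'use strict';

// Hypothetical allow-list for one view: field name -> expected primitive type.
const PROFILE_FIELDS = { name: 'string', page: 'number' };

// Copy only allow-listed, correctly typed own properties into a fresh object.
function pickTemplateData(untrusted, allowed) {
  const safe = {};
  if (untrusted === null || typeof untrusted !== 'object') return safe;
  for (const [key, type] of Object.entries(allowed)) {
    if (!Object.prototype.hasOwnProperty.call(untrusted, key)) continue;
    let value = untrusted[key];
    // Query strings deliver numbers as text: coerce first, then validate.
    if (type === 'number' && typeof value === 'string' && value.trim() !== '') {
      value = Number(value);
    }
    if (typeof value !== type) continue; // drops arrays and nested objects
    if (type === 'number' && !Number.isFinite(value)) continue;
    safe[key] = value;
  }
  return safe;
}

// Build the object handed to res.render(). Top-level keys are chosen by the
// server only; user input is confined to the single `user` key.
function buildRenderContext(untrusted) {
  return { title: 'Profile', user: pickTemplateData(untrusted, PROFILE_FIELDS) };
}

// Constructed request input standing in for req.query.
const sampleQuery = {
  name: 'alice',
  page: '2',
  someRenderOption: 'caller-chosen value', // placeholder option key
  title: { nested: 'object' },             // attempt to override a server key
};

// Risky shape: res.render('profile', req.query)  -> every key reaches the engine.
// Safer shape: res.render('profile', buildRenderContext(req.query))
const context = buildRenderContext(sampleQuery);
console.log(JSON.stringify(context));
```
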
| CPE | Name | Operator | Version |
|---|---|---|---|
| | express-handlebars | le | 5.3.0 |
blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/
github.com/express-handlebars/express-handlebars/blob/78c47a235c4ad7bc2674bddd8ec2721567ed8c72/README.md#danger-
github.com/express-handlebars/express-handlebars/commit/78c47a235c4ad7bc2674bddd8ec2721567ed8c72
github.com/express-handlebars/express-handlebars/pull/163
securitylab.github.com/advisories/GHSL-2021-018-express-handlebars/
www.npmjs.com/package/express-handlebars