CVE-2019-20920

by Fred · 30/09/2020

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS).

Date published : 2020-09-30

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478

https://www.npmjs.com/advisories/1316

CVE-2019-20920

Related

Recent Posts

Categories

Latest CWE

CVE-2019-20920

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE