9 matches found
CVE-2019-19919 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2
Summary: In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2. Vulnerability Details: CVEID: CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Handlebars.js (CVE-2019-19919, CVE-2021-32820)
Summary: The product includes an older version of Handlebars.js that may be identified and exploited with automated tools. Vulnerability Details: CVEID: CVE-2019-19919 DESCRIPTION: Node.js handlebars could allow a remote attacker to execute arbitrary code on the system, caused by a prototype...
101 (>=0.3.0 <=0.7.1), 3c (>=0.0.1 <=1.0.0-alpha) +3347 more potentially affected by CVE-2019-19919 via handlebars (>=1.0.10 <=3.0.7)
handlebars NPM version =1.0.10, =0.3.0, =0.0.1, =0.0.1, =1.0.0, =1.0.1, =1.0.0, =1.31.0, =0.1.16, =0.9.33, =0.9.33, =5.0.2, =5.0.3, =5.0.6, =5.0.7 and more Source cves: CVE-2019-19919 Source advisory: OSV:GHSA-W457-6Q6X-CGP9...
CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads...
CVE-2019-19919
CVE-2019-19919 affects the Node.js Handlebars package prior to 4.3.0. Root cause: a prototype pollution flaw that can alter Object.prototype properties, enabling an attacker to execute arbitrary code via crafted payloads (Remote Code Execution). Affected context includes Handlebars usage in serve...
Prototype Pollution
Overview: Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. Recommendation: Upgrade...