19 matches found
Express-handlebars - Local File Inclusion
Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
BIT-HANDLEBARS-2021-32817 File disclosure in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
BIT-HANDLEBARS-2021-32820 File disclosure in Express Handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
@42mo/42mo-web-styles (>=0.0.16 <=0.0.30), @absa-subatomic/openshift-api (>=0.0.1 <=0.0.2) +771 more potentially affected by CVE-2021-32820 via express-handlebars (>=1.0.1 <=5.3.0)
express-handlebars NPM version =1.0.1, =0.0.16, =0.0.1, =2.0.1, =2.6.4, =1.0.0, =0.3.85, =1.0.5-master.20190403074739, =1.0.0-M.5a, =1.0.0-drift-sdm.20190822144852, =0.1.0-master.20191109234452, =0.1.0, =0.1.1, =0.1.0-ipcrm-custom-event.20191122150318, =0.1.15, =0.1.29-master.20190822002550,...
GHSA-FR76-2WP8-FP92 Insecure template handling in Express-handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Insecure template handling in Express-handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Handlebars.js ( CVE-2019-19919, CVE-2021-32820)
Summary The product includes an older version of Handlebars.js that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-19919 DESCRIPTION: Node.js handlebars could allow a remote attacker to execute arbitrary code on the system, caused by a prototype...
GHSA-RWXP-HWWF-653V Insecure template handling in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
Information Disclosure
express-handlebars is vulnerable to information disclosure. The vulnerability exists due to a the mixing of untrusted data with the express-handlebars options passed to the template data...
CVE-2021-32817
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32817
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Information disclosure
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32820 File disclosure in Express Handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32820
Summary (concrete details from sources): The CVE-2021-32820 issue affects Express-handlebars, a Handlebars view engine for Express. The vulnerability arises because the render API’s layout parameter can cause local file disclosure in downstream apps by including files with existing extensions; fi...
CVE-2021-32817 File disclosure in express-hbs
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
handlebars 代码注入漏洞
handlebars is a semanticized web template system. A code injection vulnerability exists in Express-handlebars, where a layout parameter may trigger a file disclosure vulnerability in a downstream application...