12 matches found
EUVD-2021-1190
Malware in sbrugna...
CVE-2021-32817
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
TryGhost express-hbs information disclosure vulnerability
TryGhost express-hbs is an Express handlebar template engine with multiple layouts, blocks and cache sections. TryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...
TryGhost express-hbs code injection vulnerability
TryGhost express-hbs is an Express handlebar template engine with multiple layouts, blocks and cache sections. TryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...
Handlebars information disclosure vulnerability (CNVD-2021-47375)
handlebars is a semantic Web template system. An information disclosure vulnerability exists in express-hbs that stems from mixing pure template data with engine configuration options via the Express rendering API. Layout parameters may trigger a file disclosure vulnerability in downstream...
7ghost (>=4.11.0 <=4.11.46), @dobbse/wiki (>=0.12.1-d <=0.12.1-e) +87 more potentially affected by CVE-2021-32817 via express-hbs (>=0.1.6 <=2.4.0)
express-hbs NPM version =0.1.6, =4.11.0, =0.12.1-d, =1.3.1, =3.41.6, =1.0.1, =3.0.7, =4.0.0, =5.1.1, =4.0.4, =1.0.1, =3.40.4-ez-bin.0, =3.41.6-ez-bin.10 - @zce/ghost =2.12.0 and more Source cves: CVE-2021-32817 Source advisory: OSV:GHSA-RWXP-HWWF-653V...
Information Disclosure
express-hbs is vulnerable to information disclosure. The layout parameter allows a remote attacker to access and retrieve arbitrary local files that are accessible by the process worker...
Information disclosure
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
CVE-2021-32817
CVE-2021-32817 affects express-hbs, an Express handlebars template engine. The vulnerability arises from mixing template data with engine configuration via the render API, where the layout parameter may trigger information disclosure in downstream apps. The attack surface is constrained: only fil...
PT-2021-19950 · Unknown · Express-Hbs
Name of the Vulnerable Software and Affected Versions: express-hbs affected versions not specified Description: The issue arises from express-hbs mixing pure template data with engine configuration options through the Express render API, potentially leading to file disclosure vulnerabilities in...
express-hbs code injection vulnerability
handlebars is a semantic Web template system. An information disclosure vulnerability exists in express-hbs that stems from mixing pure template data with engine configuration options via the Express rendering API. Layout parameters may trigger a file disclosure vulnerability in downstream...
GitHub Security Lab: [JavaScript]: add query for Express-HBS LFR
This bug was reported directly to GitHub Security Lab...