2 matches found
CVE-2021-32817
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...
7ghost (>=4.11.0 <=4.11.46), @dobbse/wiki (>=0.12.1-d <=0.12.1-e) +87 more potentially affected by CVE-2021-32817 via express-hbs (>=0.1.6 <=2.4.0)
express-hbs NPM version =0.1.6, =4.11.0, =0.12.1-d, =1.3.1, =3.41.6, =1.0.1, =3.0.7, =4.0.0, =5.1.1, =4.0.4, =1.0.1, =3.40.4-ez-bin.0, =3.41.6-ez-bin.10 - @zce/ghost =2.12.0 and more Source cves: CVE-2021-32817 Source advisory: OSV:GHSA-RWXP-HWWF-653V...