5 matches found
BIT-HANDLEBARS-2021-32820 File disclosure in Express Handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Insecure template handling in Express-handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Information disclosure
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
CVE-2021-32820
Summary (concrete details from sources): The CVE-2021-32820 issue affects Express-handlebars, a Handlebars view engine for Express. The vulnerability arises because the render API’s layout parameter can cause local file disclosure in downstream apps by including files with existing extensions; fi...