Lucene search
K

5 matches found

OSV
OSV
added 2024/03/06 10:52 a.m.53 views

BIT-HANDLEBARS-2021-32820 File disclosure in Express Handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS8.5AI score0.17988EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/02/10 11:35 p.m.35 views

Insecure template handling in Express-handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS8.4AI score0.17988EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2021/05/14 7:15 p.m.32 views

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

8.6CVSS0.17988EPSS
Exploits1References5
Prion
Prion
added 2021/05/14 7:15 p.m.20 views

Information disclosure

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

5CVSS8.6AI score0.17988EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2021/05/14 6:25 p.m.80 views

CVE-2021-32820

Summary (concrete details from sources): The CVE-2021-32820 issue affects Express-handlebars, a Handlebars view engine for Express. The vulnerability arises because the render API’s layout parameter can cause local file disclosure in downstream apps by including files with existing extensions; fi...

8.6CVSS8.6AI score0.17988EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder