Lucene search
K

6 matches found

OSV
OSV
added 2024/03/06 10:53 a.m.44 views

BIT-HANDLEBARS-2021-32817 File disclosure in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

6.8CVSS6.7AI score0.01268EPSS
Exploits1References5
NVD
NVD
added 2021/05/14 7:15 p.m.40 views

CVE-2021-32817

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

6.8CVSS0.01268EPSS
Exploits1References4
OSV
OSV
added 2021/05/14 7:15 p.m.14 views

CVE-2021-32817

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

6.8CVSS6.7AI score
Exploits0References4
Prion
Prion
added 2021/05/14 7:15 p.m.19 views

Information disclosure

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

4.3CVSS6.7AI score0.01268EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/05/14 6:15 p.m.35 views

CVE-2021-32817 File disclosure in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

5.4CVSS6.9AI score0.01268EPSS
Exploits1References4
CVE
CVE
added 2021/05/14 6:15 p.m.63 views

CVE-2021-32817

CVE-2021-32817 affects express-hbs, an Express handlebars template engine. The vulnerability arises from mixing template data with engine configuration via the render API, where the layout parameter may trigger information disclosure in downstream apps. The attack surface is constrained: only fil...

6.8CVSS6.2AI score0.01268EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder