2 matches found
Handlebars information disclosure vulnerability (CNVD-2021-47374)
handlebars is a semantic Web template system. express-hbs suffers from an information disclosure vulnerability that stems from mixing pure template data with engine configuration options via the Express rendering API. Layout parameters may trigger a file disclosure vulnerability in downstream...
org.webjars.npm:directory-encoder (=0.7.2), org.webjars.npm:okta__okta-signin-widget (=2.21.0) potentially affected by CVE-2021-23369 via org.webjars.npm:handlebars (>=1.3.0 <=4.0.14)
org.webjars.npm:handlebars MAVEN version =1.3.0, =4.0.14 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:handlebars and may be impacted: - org.webjars.npm:directory-encoder =0.7.2 - org.webjars.npm:oktaokta-signin-widget =2.21.0 Source...