
18 matches found

Tenable Nessus
added 2024/05/11 12:0 a.m., 97 views

RHEL 7 : nodejs-handlebars (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true opti...

8.7 AI score, 0.05666 EPSS
Exploits: 3, References: 2

RedHat Linux
added 2023/03/20 9:15 a.m., 0 views

nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads

A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this...

9.8 CVSS, 7.7 AI score, 0.24752 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2023/03/20 9:15 a.m., 4 views

nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...

8.1 CVSS, 7.7 AI score, 0.00343 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2023/03/20 9:15 a.m., 0 views

nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option

A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8 CVSS, 7.1 AI score, 0.03582 EPSS
Exploits: 2, References: 4

RedHat Linux
added 2021/11/17 2:22 a.m., 70 views

Low: Red Hat Security Advisory: Openshift Logging 5.1.4 bug fix and security update

An update is now available for OpenShift Logging 5.1.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8 CVSS, 7.2 AI score, 0.05666 EPSS
Exploits: 3, References: 5

RedHat Linux
added 2021/06/29 6:30 a.m., 93 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise security and bug fix update

Red Hat OpenShift Container Platform release 4.6.36 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

9.8 CVSS, 7.2 AI score, 0.05666 EPSS
Exploits: 4, References: 6

RedhatCVE
added 2021/05/04 8:52 a.m., 46 views

CVE-2021-23383

A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8 CVSS, 5.5 AI score, 0.05666 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2021/04/12 9:16 p.m., 41 views

CVE-2021-23369

A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8 CVSS, 5 AI score, 0.03582 EPSS
Exploits: 2, References: 3

RedHat Linux
added 2020/11/24 1:10 p.m., 0 views

nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...

8.1 CVSS, 7.7 AI score, 0.00343 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2020/11/24 1:10 p.m., 109 views

Low: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update

An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

8.1 CVSS, 6.8 AI score, 0.02546 EPSS
Exploits: 2, References: 45

Tenable Nessus
added 2020/11/24 12:0 a.m., 73 views

RHEL 8 : Red Hat Virtualization (RHSA-2020:5179)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5179 advisory. The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version: engine-db-que...

8.1 CVSS, 7.3 AI score, 0.02546 EPSS
Exploits: 2, References: 50

RedhatCVE
added 2020/09/30 4:18 p.m., 38 views

CVE-2019-20920

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...

8.1 CVSS, 3.6 AI score, 0.00343 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2020/09/30 4:17 p.m., 43 views

CVE-2019-20922

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...

7.8 CVSS, 4.3 AI score, 0.00291 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2020/01/10 8:38 p.m., 39 views

CVE-2019-19919

A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this...

9.8 CVSS, 4.8 AI score, 0.24752 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2019/05/02 12:0 a.m., 16 views

Fedora 30 : nodejs-handlebars (2019-c1213f866c)

Security fix for https://www.npmjs.com/advisories/755 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

5.5 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2016/03/04 12:0 a.m., 23 views

Fedora 23 : nodejs-handlebars-4.0.5-1.fc23 (2015-a7cbc13699)

Security fix for nodejs-handlebars: mustache: handlebars: Quoteless Attributes in Templates can lead to Content Injection Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...

5.4 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2016/03/04 12:0 a.m., 16 views

Fedora 22 : nodejs-handlebars-4.0.5-1.fc22 (2015-8b6882339c)

Security fix for nodejs-handlebars: mustache: handlebars: Quoteless Attributes in Templates can lead to Content Injection ---- New upstream release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted t...

5.5 AI score
Exploits: 0, References: 2

OpenVAS
added 2015/12/29 12:0 a.m., 9 views

Fedora Update for nodejs-handlebars FEDORA-2015-8

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2