Lucene search
K

32 matches found

RedhatCVE
RedhatCVE
added 2020/09/30 4:18 p.m.40 views

CVE-2019-20920

A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...

8.1CVSS3.6AI score0.03193EPSS
Exploits1References5
CVE
CVE
added 2020/09/30 12:30 p.m.188 views

CVE-2019-20920

Technical details about CVE-2019-20920 are not publicly available in the provided connected documents. Monitor for updates.

8.1CVSS8.1AI score0.03193EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2020/09/30 12:30 p.m.44 views

CVE-2019-20920

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars...

8.1CVSS8.9AI score0.03193EPSS
Exploits1
OSV
OSV
added 2020/09/04 2:57 p.m.8 views

GHSA-2CF5-4W76-R9QV Arbitrary Code Execution in handlebars

Versions of handlebars prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server...

7.3CVSS6.2AI score
Exploits0References1
OSV
OSV
added 2020/03/02 12:28 p.m.6 views

SUSE-SU-2020:0555-1 Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer

This update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer, python-jsonpatch, python-jsonpointer, python-scandir, python-PyYAML fixes the...

7.5CVSS7.8AI score0.07443EPSS
Exploits2References4
Node.js
Node.js
added 2019/11/14 3:29 p.m.18 views

Arbitrary Code Execution

Overview Versions of handlebars prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a...

7.6AI score
Exploits0Affected Software1
EUVD
EUVD
added 2018/03/14 5:0 p.m.6 views

EUVD-2018-0483

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability"...

8.8CVSS8.7AI score0.09948EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/03/14 9:24 a.m.6 views

openstack-heat: Vulnerability in Heat template validation leading to DoS

A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...

5.5CVSS5.7AI score0.02928EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/03/14 9:24 a.m.5 views

openstack-heat: Vulnerability in Heat template validation leading to DoS

A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...

5.5CVSS5.7AI score0.02928EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/02/18 4:41 p.m.6 views

openstack-heat: Vulnerability in Heat template validation leading to DoS

A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...

5.5CVSS5.7AI score0.02928EPSS
Exploits0References4
OSV
OSV
added 2016/01/20 4:59 p.m.3 views

DEBIAN-CVE-2015-5295

The template-validate command in OpenStack Orchestration API Heat before 2015.1.3 kilo and 5.0.x before 5.0.1 liberty allows remote authenticated users to cause a denial of service memory consumption or determine the existence of local files via the resource type in a template, as demonstrated by...

5.4CVSS6.6AI score0.02928EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2015/08/11 12:0 a.m.7 views

Microsoft Office Memory Corruption (MS15-081: CVE-2015-2477)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused when the Office software fails to properly validate templates. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7AI score0.13601EPSS
Exploits0
Rows per page
Query Builder