Lucene search

K

Handlebars Security Vulnerabilities - 2020

cve
cve

CVE-2019-20920

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars template...

8.1CVSS

8.1AI Score

0.007EPSS

2020-09-30 06:15 PM
105
cve
cve

CVE-2019-20922

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

7.5CVSS

7.3AI Score

0.002EPSS

2020-09-30 06:15 PM
80