express-hbs is vulnerable to information disclosure. The layout parameter allows a remote attacker to access and retrieve arbitrary local files that are accessible to the worker process.
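
One way to keep request data from reaching the layout option, shown as an added example (not code from express-hbs or from the advisory). It assumes the application passes request-derived objects such as `req.query` to `res.render`; `pickTemplateData` and `findReservedKeys` are hypothetical helpers and the sample query is constructed.

```javascript
// Names Express or the view engine reads as configuration, not template data.
// `layout` is the parameter named in this advisory; `settings`, `cache` and
// `_locals` are Express render-option names.
const RESERVED_KEYS = new Set(['layout', 'settings', 'cache', '_locals']);

// Hypothetical helper: copy only allowlisted, primitive-valued fields from
// untrusted input into a fresh object that is safe to hand to res.render().
function pickTemplateData(untrusted, allowedFields) {
  for (const field of allowedFields) {
    if (RESERVED_KEYS.has(field)) {
      throw new Error(`reserved render option in allowlist: ${field}`);
    }
  }
  const out = {};
  if (untrusted === null || typeof untrusted !== 'object') return out;
  for (const field of allowedFields) {
    if (!Object.prototype.hasOwnProperty.call(untrusted, field)) continue;
    const value = untrusted[field];
    // Query parsers can yield nested objects and arrays; keep scalars only.
    if (['string', 'number', 'boolean'].includes(typeof value)) {
      out[field] = value;
    }
  }
  return out;
}

// Hypothetical helper: list reserved names present in a request object so the
// request can be logged or rejected.
function findReservedKeys(untrusted) {
  if (untrusted === null || typeof untrusted !== 'object') return [];
  return Object.keys(untrusted).filter((k) => RESERVED_KEYS.has(k)).sort();
}

// Constructed sample of a parsed query string (the shape req.query may have).
const sampleQuery = {
  name: 'alice',
  page: '2',
  layout: 'constructed-untrusted-value',
  settings: { views: 'constructed' },
};

// Risky:  res.render('index', req.query);
// Safer:  res.render('index', pickTemplateData(req.query, ['name', 'page']));
console.log(pickTemplateData(sampleQuery, ['name', 'page']));
console.log(findReservedKeys(sampleQuery));
```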
Name | Operator | Version |
---|---|---|
express-hbs | le | 2.4.0 |
github.com/advisories/GHSA-rwxp-hwwf-653v
github.com/TryGhost/express-hbs#%EF%B8%8F-this-creates-a-potential-security-vulnerability
github.com/TryGhost/express-hbs/commit/ff6fad6e357699412d4e916273314e5e7af1500e
securitylab.github.com/advisories/GHSL-2021-019-express-hbs/
www.npmjs.com/package/express-hbs