Lucene search
Veracode Vulnerability DatabaseVERACODE:30514HistoryMay 17, 2021 - 4:01 p.m.
Information Disclosure
2021-05-1716:01:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.002 Low
EPSS
Percentile
53.0%
express-hbs is vulnerable to information disclosure. The layout parameter allows a remote attacker to access and retrieve arbitrary local files that are accessible by the process worker.
| CPE | Name | Operator | Version |
|---|---|---|---|
| express-hbs | le | 2.4.0 | |
| express-hbs | le | 2.4.0 |
References
github.com/advisories/GHSA-rwxp-hwwf-653v
github.com/TryGhost/express-hbs#%EF%B8%8F-this-creates-a-potential-security-vulnerability
github.com/TryGhost/express-hbs/commit/ff6fad6e357699412d4e916273314e5e7af1500e
securitylab.github.com/advisories/GHSL-2021-019-express-hbs/
www.npmjs.com/package/express-hbs
Related
osv
osv
BIT-handlebars-2021-32817
2024-03-06 10:53:03
CVE-2021-32817
2021-05-14 19:15:07
Insecure template handling in express-hbs
2021-05-17 20:58:51
cve
cve
CVE-2021-32817
2021-05-14 19:15:07
prion
prion
Information disclosure
2021-05-14 19:15:00
cvelist
cvelist
CVE-2021-32817 File disclosure in express-hbs
2021-05-14 18:15:14
nvd
nvd
CVE-2021-32817
2021-05-14 19:15:07
github
github
Insecure template handling in express-hbs
2021-05-17 20:58:51