DirectorySecurity Advisories
Sign In
Security Advisories

CGA-24pm-f3rp-x72m

Published

Last updated

https://images.chainguard.dev/security/CGA-24pm-f3rp-x72m
Package

gitlab-rails-ee-17.0

Latest Update
Not affected
Aliases
  • CVE-2019-20920
  • GHSA-3cqr-58rm-57f8

Severity

8.1

High

CVSS V3

Summary

Arbitrary Code Execution in Handlebars

Description

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images