CGA-8x67-7c82-4xhj

Published

Last updated

https://images.chainguard.dev/security/CGA-8x67-7c82-4xhj

Package

gitlab-rails-ee-fips-17.3

Repository

Chainguard

Latest Update

Not affected

Aliases

GHSA-q42p-pg8m-cqh6

Severity

Unknown

Summary

Prototype Pollution in handlebars

Description

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Recommendation

For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or later.

References

https://github.com/advisories/GHSA-q42p-pg8m-cqh6
https://github.com/handlebars-lang/handlebars.js/issues/1495
https://github.com/handlebars-lang/handlebars.js/commit/0d6d8c335ad81bad1b672fc56b6a44f6aa472dac
https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86
https://github.com/handlebars-lang/handlebars.js/commit/85c8783b34fc6d36145d8b53885ad0b9e3c3f9c4
https://github.com/handlebars-lang/handlebars.js/commit/cd38583216dce3252831916323202749431c773e
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
https://www.npmjs.com/advisories/755

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-8x67-7c82-4xhj

Severity

Summary

Description

Recommendation

References

Updates

Products

Why Chainguard

Customers

Company

Resources