CGA-vw95-j44r-gj9x

Published

Last updated

https://images.chainguard.dev/security/CGA-vw95-j44r-gj9x

Package

gitlab-rails-ee-fips-17.2

Latest Update

Not affected

Aliases

GHSA-2cf5-4w76-r9qv

Severity

7.3

High

CVSS V3

Summary

Arbitrary Code Execution in handlebars

Description

Versions of handlebars prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).

The following template can be used to demonstrate the vulnerability:


	{{#with split as |a|}}
		{{pop (push "alert('Vulnerable Handlebars JS');")}}
		{{#with (concat (lookup join (slice 0 1)))}}
			{{#each (slice 2 3)}}
				{{#with (apply 0 a)}}
					{{.}}
				{{/with}}
			{{/each}}
		{{/with}}
	{{/with}}
{{/with}}```


## Recommendation

Upgrade to version 3.0.8, 4.5.2 or later.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-vw95-j44r-gj9x

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources