DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2019-20920

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-20920

CGA ID

CGA-5wrh-ccg5-m38p

Severity

8.1

High

CVSS V3

Description

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).

References

  • https://images.chainguard.dev/security/CGA-5wrh-ccg5-m38p

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images