WS-2019-0103 (Medium) detected in handlebars-4.0.10.tgz #45

mend-for-github-com · 2021-12-16T14:26:59Z

WS-2019-0103 - Medium Severity Vulnerability

Vulnerable Library - handlebars-4.0.10.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/handlebars/package.json

Dependency Hierarchy:

jest-cli-20.0.4.tgz (Root Library)
- istanbul-api-1.1.14.tgz
  - istanbul-reports-1.1.2.tgz
    - ❌ handlebars-4.0.10.tgz (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Publish Date: 2019-01-30

CVSS 3 Score Details (5.6)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-01-30

Fix Resolution: 4.1.0

The text was updated successfully, but these errors were encountered:

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Dec 16, 2021