[Pkg-javascript-devel] Bug#923042: node-handlebars: Prototype Pollution allowing an attacker to execute arbitrary code

Jonas Smedegaard dr at jones.dk
Sat Feb 23 14:15:25 GMT 2019


Source: node-handlebars
Version: 3:4.0.10-5
Severity: grave
Tags: security upstream


At https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 this is reported:

> Affected versions of this package are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.

All releases of handlebars older than 4.0.13 should be affected.

 - Jonas

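
An added example, not part of the original report and not code from handlebars or Debian: a Node.js check that flags handlebars copies older than the 4.0.13 threshold named in the report, accepting npm versions from a parsed package-lock.json as well as Debian version strings such as 3:4.0.10-5. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: helper names and SAMPLE_LOCK are constructed, not project code.
const FIXED = [4, 0, 13]; // first release the report treats as unaffected

// true = older than FIXED, false = FIXED or newer, null = unparseable.
// Accepts "4.0.10" and Debian-style "3:4.0.10-5" (epoch and revision ignored).
// Pre-release suffixes are ignored, so review any 4.0.13 pre-release by hand.
function isAffected(version) {
  const m = /^(?:\d+:)?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return null;
  const got = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (got[i] !== FIXED[i]) return got[i] < FIXED[i];
  }
  return false;
}

// Collect every handlebars copy in a parsed package-lock.json, including
// copies nested under other packages.
function findHandlebars(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/handlebars' || path.endsWith('/node_modules/handlebars')) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail ? `${trail} > ${name}` : name;
      if (name === 'handlebars') hits.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/handlebars': { version: '4.0.10' },
    'node_modules/report-tool/node_modules/handlebars': { version: '4.7.7' },
  },
};

console.log(findHandlebars(SAMPLE_LOCK));
```

A result of `null` in the `affected` field means the version string could not be parsed and that copy needs a manual look.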


