CVE-2019-20920
Published: Sep 30, 2020
Modified: Aug 5, 2024
PUBLISHED
Description
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://www.npmjs.com/advisories/1316
x_refsource_MISC
https://www.npmjs.com/advisories/1324
x_refsource_MISC
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
x_refsource_MISC