CVE-2019-20922

Published: Sep 30, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.npmjs.com/advisories/1300

x_refsource_MISC

https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388

x_refsource_MISC

https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-20922

Description

Affected Products

References