WS-2019-0103 (Medium) detected in handlebars-3.0.3.tgz - autoclosed

Question

WS-2019-0103 (Medium) detected in handlebars-3.0.3.tgz - autoclosed

mend-for-github-com opened this issue 4 years ago · 1 comments

mend-for-github-com commented 4 years ago

WS-2019-0103 - Medium Severity Vulnerability

Vulnerable Library - handlebars-3.0.3.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-3.0.3.tgz

Dependency Hierarchy:

typedoc-markdown-theme-0.0.4.tgz (Root Library)
- typedoc-0.3.12.tgz
  - ❌ handlebars-3.0.3.tgz (Vulnerable Library)

Vulnerability Details

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Publish Date: 2019-01-30

URL: WS-2019-0103

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: handlebars-lang/handlebars.js@edc6220

Release Date: 2019-05-30

Fix Resolution: 4.1.0

Answer 1 · 2022-05-27T06:05:47.000Z

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.