WS-2019-0064 (High) detected in handlebars-3.0.3.tgz - autoclosed

Question

WS-2019-0064 (High) detected in handlebars-3.0.3.tgz - autoclosed

mend-for-github-com opened this issue 4 years ago · 2 comments

mend-for-github-com commented 4 years ago

WS-2019-0064 - High Severity Vulnerability

Vulnerable Library - handlebars-3.0.3.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Library home page: https://registry.npmjs.org/handlebars/-/handlebars-3.0.3.tgz

Dependency Hierarchy:

typedoc-markdown-theme-0.0.4.tgz (Root Library)
- typedoc-0.3.12.tgz
  - ❌ handlebars-3.0.3.tgz (Vulnerable Library)

Vulnerability Details

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Publish Date: 2019-01-30

URL: WS-2019-0064

CVSS 2 Score Details (8.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://www.npmjs.com/advisories/755/versions

Release Date: 2019-04-30

Fix Resolution: 1.0.6-2,4.0.14,4.1.2

Answer 1 · 2021-04-06T20:56:28.000Z

ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #150

Answer 2 · 2021-04-06T20:56:28.000Z

ℹ️ This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #150