Hey,
I just wanted to inform you that currently in the custom policy Starterpack the TrustFrameworkBase.xml file comes with Handlebars Runtime version 4.7.6.
This version currently has two critical exploits:
CVE-2021-23369 CVSS 3.x: 5.6 Medium (Snyk), 9.8 Critical (NVD)
CVE-2021-23383 CVSS 3.x: 5.6 Medium (Snyk), 9.8 Critical (NVD)
A fast fix for this issue would be to update the Handlebars versions corresponding to: https://learn.microsoft.com/en-us/azure/active-directory-b2c/page-layout#jquery-and-handlebars-versions. The exploit should be closed with update 4.7.7.
Regards, Andreas