Closed peardox closed 4 years ago
In the express app I'm using hbs, which depends on this vulnerable handlebars. Not sure what I can do to resolve it; I have the latest hbs package now.
Looks like hbs is aware and are tracking this: https://github.com/pillarjs/hbs/issues/185
Thanks for the report, I've updated the dependencies in 613924f2726fe3ac089e98601efc5fd78de65f54
There is a pull request on HBS that has been sitting for 27 days. Absolutely unbelievable. Upstream has limited any comments, issues and pull requests to collaborators which is again unbelievable.
Just updated HBS since they pushed a new release not too recently fixing the security warnings.
npm install gives

    found 6 vulnerabilities (1 moderate, 4 high, 1 critical)
      run `npm audit fix` to fix them, or `npm audit` for details

npm audit gives

    Severity   Title                      Package     Patched in                     Dependency of  Path              More info
    Critical   Prototype Pollution        handlebars  >=4.0.14 <4.1.0 || >=4.1.2     hbs            hbs > handlebars  https://npmjs.com/advisories/755
    High       Prototype Pollution        handlebars  >=4.3.0                        hbs            hbs > handlebars  https://npmjs.com/advisories/1164
    Moderate   Denial of Service          handlebars  >=4.4.5                        hbs            hbs > handlebars  https://npmjs.com/advisories/1300
    High       Arbitrary Code Execution   handlebars  >=4.5.2                        hbs            hbs > handlebars  https://npmjs.com/advisories/1316
    High       Arbitrary Code Execution   handlebars  >=4.5.3                        hbs            hbs > handlebars  https://npmjs.com/advisories/1324
    High       Prototype Pollution        handlebars  >=4.5.3                        hbs            hbs > handlebars  https://npmjs.com/advisories/1325

    found 6 vulnerabilities (1 moderate, 4 high, 1 critical) in 203 scanned packages
      6 vulnerabilities require manual review
      See the full report for details
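Reading six "Patched in" ranges by eye is error-prone, and npm audit does not tell you which single version of the transitive dependency clears all of them. The script below is an added example, not code from this thread or from the hbs or handlebars projects: it embeds the six advisories exactly as quoted in the audit output above, checks a given handlebars version against each patched range, and works out the lowest version that satisfies all of them. It has no dependencies; the small range parser only handles the comparator syntax npm audit uses here (`>=`, `<`, `||`), not the full semver grammar.

```javascript
// Added example (not from the thread). Checks a handlebars version against the
// "Patched in" ranges quoted from the npm audit output above and finds the
// lowest version that clears every advisory. No external modules are required.

// Advisory data copied from the audit output in the thread.
const ADVISORIES = [
  { id: 755,  severity: "critical", title: "Prototype Pollution",      patched: ">=4.0.14 <4.1.0 || >=4.1.2" },
  { id: 1164, severity: "high",     title: "Prototype Pollution",      patched: ">=4.3.0" },
  { id: 1300, severity: "moderate", title: "Denial of Service",        patched: ">=4.4.5" },
  { id: 1316, severity: "high",     title: "Arbitrary Code Execution", patched: ">=4.5.2" },
  { id: 1324, severity: "high",     title: "Arbitrary Code Execution", patched: ">=4.5.3" },
  { id: 1325, severity: "high",     title: "Prototype Pollution",      patched: ">=4.5.3" },
];

// "4.5.3" or "v4.5.3" -> [4, 5, 3]; pre-release tags are ignored on purpose.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`bad version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Range subset used by npm audit here: comparators (>=, >, <, <=, =) joined by
// whitespace (AND) and by "||" (OR). Anything else throws rather than guessing.
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split("||").some(alt =>
    alt.trim().split(/\s+/).filter(Boolean).every(cmp => {
      const m = /^(>=|<=|>|<|=)?(\d.*)$/.exec(cmp);
      if (!m) throw new Error(`unsupported comparator: ${cmp}`);
      const c = compare(v, parseVersion(m[2]));
      return { ">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0, "=": c === 0 }[m[1] || "="];
    })
  );
}

// Advisories that a given installed handlebars version is still exposed to.
function unpatched(version) {
  return ADVISORIES.filter(a => !satisfies(version, a.patched));
}

// The lowest "patched in" lower bound that clears every advisory at once.
function minimumSafeVersion() {
  const candidates = ADVISORIES.flatMap(a =>
    a.patched.split("||").map(alt => alt.trim().split(/\s+/)[0].replace(/^[<>=]+/, "")));
  const safe = candidates.filter(c => unpatched(c).length === 0);
  safe.sort((x, y) => compare(parseVersion(x), parseVersion(y)));
  return safe[0];
}

// Usage: node check-handlebars.js $(node -p "require('handlebars/package.json').version")
if (typeof process !== "undefined" && process.argv[2]) {
  const open = unpatched(process.argv[2]);
  console.log(open.length === 0
    ? `handlebars ${process.argv[2]} clears all ${ADVISORIES.length} advisories`
    : `still open: ${open.map(a => `${a.id} (${a.severity})`).join(", ")}; upgrade to >=${minimumSafeVersion()}`);
}

module.exports = { ADVISORIES, parseVersion, satisfies, unpatched, minimumSafeVersion };
```

For the six advisories quoted above the answer is 4.5.3, which is why the thread only clears up once hbs publishes a release depending on that or later. Until the direct dependency does, the resolved version of a transitive package can be pinned from the top-level package.json with npm's `overrides` field (npm 8.3 and later) or Yarn's `resolutions` field; `npm ls handlebars` shows which version actually resolved.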