cristanchelo
commented
2 years ago -Versions of handlebars prior to 4.3.0 are vulnerable to prototype pollution leading to remote code execution. templates may alter an object's proto and definegetter properties, which may allow an attacker to execute arbitrary code through crafted payloads. GHSA-w457-6q6x-cgp9 -CVEs CVE-2019-19919 CVSS V2: 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS V3: 9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-Versions of handlebars prior to 4.3.0 are vulnerable to prototype pollution leading to remote code execution. templates may alter an object's proto and definegetter properties, which may allow an attacker to execute arbitrary code through crafted payloads. https://github.com/advisories/GHSA-w457-6q6x-cgp9 -CVEs CVE-2019-19919 CVSS V2: 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P CVSS V3: 9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H