yads / nodemailer-express-handlebars

A plugin for nodemailer that uses express-handlebars view engine to generate emails

Security Issue [Denial of Service] #31

Open axago opened 5 years ago

axago commented 5 years ago

Remediation: Upgrade to version 4.4.5 or later.


milo526 commented 5 years ago

NPM Security advisory 1324

Handlebars sadly has multiple security issues at the moment. I think we need to wait for a merge on https://github.com/ericf/express-handlebars/pull/267 and then require that version of express-handlebars for this library.

Handlebars vulnerabilities:
https://www.npmjs.com/advisories/1300
https://www.npmjs.com/advisories/1316
https://www.npmjs.com/advisories/1324
https://www.npmjs.com/advisories/1325