Published: 30/09/2020 Updated: 15/10/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.3 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Handlebars prior to 3.0.8 and 4.x prior to 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing malicious users to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).

Vulnerable Product	Search on Vulmon	Subscribe to Product
handlebarsjs handlebars

Synopsis Low: Red Hat Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat Virtualization Engine 44Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring System ...

Synopsis Critical: Red Hat Process Automation Manager 7132 security update Type/Severity Security Advisory: Critical Topic An update is now available for Red Hat Process Automation ManagerRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, which gi ...

CWE-94 https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478 https://www.npmjs.com/advisories/1324 https://www.npmjs.com/advisories/1316 https://access.redhat.com/errata/RHSA-2020:5179 https://nvd.nist.gov

CVE-2019-20920

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect