Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-30T12:30:56
Updated: 2024-08-05T03:00:18.770Z
Reserved: 2020-09-30T00:00:00
Link: CVE-2019-20920
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-09-30T18:15:17.927
Modified: 2024-11-21T04:39:41.583
Link: CVE-2019-20920
Redhat