CVE-2019-20920

CVE-2019-20920

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS).

Source: CVE-2019-20920

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다