Description
[handlebars: quoteless attributes in templates can lead to content injection]
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
libjs-handlebars | unfixed | | | package |
ruby-handlebars-assets | unfixed | | | package |
Notes
fixed in 4.0.0
https://blog.srcclr.com/handlebars_vulnerability_research_findings/
https://github.com/wycats/handlebars.js/pull/1083
https://nodesecurity.io/advisories/61
Security hardening, not a vulnerability