exploitDog

CVE-2019-20922

Published: 30 Sep 2020
Source: nvd
CVSS3: 7.5
CVSS2: 7.8
EPSS: Low

Description

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

Vulnerable configurations

Configuration 1
cpe:2.3:a:handlebarsjs:handlebars:*:*:*:*:*:node.js:*:*
Versions from 4.0.0 (inclusive) up to 4.4.5 (exclusive)

EPSS

Percentile: 52%
0.00295
Low

7.5 High

CVSS3

7.8 High

CVSS2

Weaknesses

CWE-400

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

CVSS3: 7.5
redhat
more than 6 years ago

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

CVSS3: 7.5
debian
more than 5 years ago

Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...

CVSS3: 7.5
github
almost 4 years ago

Regular Expression Denial of Service in Handlebars
