Description
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's `__proto__` and `__defineGetter__` properties, which may allow an attacker to execute arbitrary code through crafted payloads.
A flaw was found in nodejs-handlebars, where it is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's `__proto__` and `__defineGetter__` properties, which allows an attacker to execute arbitrary code through crafted payloads. The highest threat from this vulnerability is to confidentiality and integrity.
Statement
Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | kibana | Affected | | |
| Red Hat OpenShift Container Platform 4 | kibana | Affected | | |
| Red Hat Quay 3 | nodejs-handlebars | Affected | | |
| RHPAM 7.13.1 async | handlebars | Fixed | RHSA-2023:1334 | 20.03.2023 |
Additional information
Status:
EPSS
4.2 Medium
CVSS3
Related vulnerabilities
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...
Vulnerability in the `__proto__` and `__defineGetter__` properties of the Handlebars template engine, allowing an attacker to execute arbitrary code
EPSS
4.2 Medium
CVSS3