Описание
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 3:4.5.3-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 3:4.5.3-1 |
| esm-apps/jammy | not-affected | 3:4.5.3-1 |
| esm-apps/noble | not-affected | 3:4.5.3-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | 3:4.5.3-1 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...
Уязвимость компонентов __proto__ и __defineGetter__ properties шаблонизатора Handlebars, позволяющая нарушителю выполнить произвольный код
7.5 High
CVSS2
9.8 Critical
CVSS3