Main Vulnerability Database Vulnerabilities #VU55264

#VU55264 Prototype pollution in handlebars.js - CVE-2019-19919

Published: July 22, 2021

Vulnerability identifier: #VU55264

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-19919

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
handlebars.js

Software vendor:
The Handlebars Templating Language

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Remediation

Install update from vendor's website.

External links

https://www.npmjs.com/advisories/1164

#VU55264 Prototype pollution in handlebars.js - CVE-2019-19919

Description

Remediation

External links

Please verify you're human