PT-2020-10877 · Handlebars

Published 2020-09-30 · Updated 2022-02-10 · CVE-2019-20922

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Handlebars versions prior to 4.4.5
Description: Handlebars before 4.4.5 is vulnerable to Regular Expression Denial of Service (ReDoS) because of eager matching in its template parser. A crafted template can force the parser into an endless loop, letting an attacker who controls template source exhaust CPU on the host. The impact is availability only (the vector is C:N/I:N/A:C); the trigger is the template text itself, not data rendered into an otherwise benign template.
Recommendations: Update Handlebars to version 4.4.5 or later. Until the update is deployed, do not compile templates supplied by untrusted parties, and check nested copies of the package as well as the top-level one, since a dependency can pin its own vulnerable version.
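The following is an added, runnable check for this advisory; it is not code from PT-2020-10877 or from the Handlebars project. It walks an npm lockfile (lockfileVersion 1, 2 or 3), finds every installed copy of handlebars including copies nested under other packages, and flags versions below 4.4.5, the fixed version named above. The lockfile in the block is constructed sample input; the function names are this example's own.

```javascript
// Added example for PT-2020-10877 / CVE-2019-20922: not code from the advisory
// or from the Handlebars project. Flags every handlebars entry in an npm
// lockfile whose version is below 4.4.5 (the fixed version the advisory names).

const FIXED_VERSION = "4.4.5";

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (optional leading "v") into parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] ? m[4].split(".") : [] };
}

// Negative, zero or positive like a sort comparator. Pre-release versions sort
// before the corresponding release (4.4.5-beta.1 < 4.4.5), so they count as affected.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (const k of ["major", "minor", "patch"]) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.pre.length === 0 && pb.pre.length === 0) return 0;
  if (pa.pre.length === 0) return 1;
  if (pb.pre.length === 0) return -1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    if (pa.pre[i] === undefined) return -1; // shorter prerelease list sorts first
    if (pb.pre[i] === undefined) return 1;
    const na = Number(pa.pre[i]), nb = Number(pb.pre[i]);
    if (!Number.isNaN(na) && !Number.isNaN(nb)) {
      if (na !== nb) return na - nb; // numeric identifiers compare numerically
    } else if (pa.pre[i] !== pb.pre[i]) {
      return pa.pre[i] < pb.pre[i] ? -1 : 1; // otherwise lexically
    }
  }
  return 0;
}

// "Prior to 4.4.5" per the advisory.
function isAffected(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Collect every handlebars entry as {path, version}. Handles lockfileVersion 1
// (nested "dependencies") and 2/3 ("packages" keyed by node_modules path); a
// v2 lockfile carries both sections, so entries are de-duplicated by path.
function findHandlebars(lock) {
  const found = new Map();
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    if (p === "node_modules/handlebars" || p.endsWith("/node_modules/handlebars")) {
      found.set(p, { path: p, version: meta.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps)) {
      const p = `${prefix}node_modules/${name}`;
      if (name === "handlebars") found.set(p, { path: p, version: meta.version });
      if (meta.dependencies) walk(meta.dependencies, `${p}/`);
    }
  };
  walk(lock.dependencies || {}, "");
  return [...found.values()];
}

function auditLockfile(lock) {
  return findHandlebars(lock).map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not from a real project): the top-level
// handlebars is patched, but a dependency pins its own vulnerable copy.
const SAMPLE_LOCK = {
  name: "sample-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "sample-app", dependencies: { handlebars: "^4.4.5" } },
    "node_modules/handlebars": { version: "4.7.7" },
    "node_modules/legacy-report": { version: "1.0.0", dependencies: { handlebars: "^4.0.0" } },
    "node_modules/legacy-report/node_modules/handlebars": { version: "4.4.4" },
  },
  dependencies: {
    handlebars: { version: "4.7.7" },
    "legacy-report": {
      version: "1.0.0",
      requires: { handlebars: "^4.0.0" },
      dependencies: { handlebars: { version: "4.4.4" } },
    },
  },
};

for (const r of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${r.affected ? "AFFECTED" : "ok      "} ${r.path} ${r.version}`);
}
```

To use it on a real project, replace SAMPLE_LOCK with JSON.parse of the project's package-lock.json. The nested walk matters: a patched top-level handlebars does not remove a vulnerable copy pinned under another package, and the sample above is built to show exactly that case. The check reports versions only; it does not tell you whether untrusted template text ever reaches Handlebars.compile, which is the precondition for the endless-loop parse described above.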

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2019-20922
GHSA-62GR-4QP9-H98F
RHSA-2020:5179
SNYK-JS-HANDLEBARS-480388

Affected Products

Handlebars