PT-2021-19955 · Hbs · Hbs
Agustin Gianni +1 · Published 2021-08-16 · Updated 2022-07-02 · CVE-2021-32822
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
hbs (affected versions not specified)
Description
The hbs package, an Express view engine wrapper for Handlebars, may be vulnerable to a file disclosure issue depending on its usage. This occurs because hbs combines pure template data with engine configuration options through the Express render API, allowing the overwrite of internal configuration options. This can trigger a file disclosure vulnerability in downstream applications.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
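With no fixed version listed, the application can keep request data and render options apart itself. The sketch below is an added example, not code from the advisory or the hbs project. It assumes a handler that passes request data as the options argument of `res.render()`; `safeLocals`, `ALLOWED_LOCALS`, the `profile` view, the `engineOption` key and the stand-in response object are all hypothetical.

```javascript
// Added example: allowlist what reaches res.render() so request data
// cannot be read by the view engine as configuration.
// ALLOWED_LOCALS and every sample value here are constructed.
const ALLOWED_LOCALS = ['title', 'name'];

// Build the locals object for res.render() from untrusted input.
// Only allowlisted keys holding plain strings are copied.
function safeLocals(untrusted, allowed = ALLOWED_LOCALS) {
  const locals = {};
  if (untrusted === null || typeof untrusted !== 'object') return locals;
  for (const key of allowed) {
    // Own properties only: ignore anything inherited from a prototype.
    if (!Object.prototype.hasOwnProperty.call(untrusted, key)) continue;
    const value = untrusted[key];
    // Query parsers can yield arrays or nested objects; accept strings only.
    if (typeof value === 'string') locals[key] = value;
  }
  return locals;
}

// Minimal stand-in for an Express response that records render() calls,
// so the example runs without Express installed.
function fakeResponse() {
  return { calls: [], render(view, opts) { this.calls.push({ view, opts }); } };
}

// Risky pattern: request data is handed to the render API unchanged,
// so every key the client sends sits beside the engine's own options.
function riskyHandler(req, res) { res.render('profile', req.query); }

// Hardened pattern: only expected template fields are forwarded.
function hardenedHandler(req, res) { res.render('profile', safeLocals(req.query)); }

// Run both handlers on one constructed request and report which keys
// each one passed to render().
function demo() {
  const req = { query: { name: 'alice', engineOption: 'x', title: ['a', 'b'] } };
  const risky = fakeResponse();
  const hardened = fakeResponse();
  riskyHandler(req, risky);
  hardenedHandler(req, hardened);
  return {
    risky: Object.keys(risky.calls[0].opts),
    hardened: Object.keys(hardened.calls[0].opts),
  };
}
```
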
Exploit
Code Injection
Information Disclosure
Affected Products
Hbs