TEMP-0000000-345A3B

Name: TEMP-0000000-345A3B
Description: handlebars: quoteless attributes in templates can lead to content injection
Source: Automatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| libjs-handlebars (PTS) | jessie | 1.3.0-1 | vulnerable |
| | buster, sid, stretch | 3:4.0.5-4 | vulnerable |
| ruby-handlebars-assets (PTS) | stretch/contrib | 2:0.23.1-1 | vulnerable |
| | buster/contrib | 2:0.23.2-2 | vulnerable |
| | jessie | 0.15-2 | vulnerable |
| | sid | 2:0.23.2+dfsg-2 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libjs-handlebars | source | (unstable) | (unfixed) | unimportant | | |
| ruby-handlebars-assets | source | (unstable) | (unfixed) | unimportant | | |

Notes

fixed in 4.0.0
https://blog.srcclr.com/handlebars_vulnerability_research_findings/
https://github.com/wycats/handlebars.js/pull/1083
https://nodesecurity.io/advisories/61
Security hardening, not a vulnerability
