CVE-2019-20922

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

Configurations

Configuration 1

cpe:2.3:a:handlebarsjs:handlebars:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 04:39

Type: References
  Values Removed: https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b - Patch, Third Party Advisory
  Values Added:   https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b - Patch, Third Party Advisory

Type: References
  Values Removed: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388 - Third Party Advisory
  Values Added:   https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388 - Third Party Advisory

Type: References
  Values Removed: https://www.npmjs.com/advisories/1300 - Third Party Advisory
  Values Added:   https://www.npmjs.com/advisories/1300 - Third Party Advisory

Information

Published : 2020-09-30 18:15

Updated : 2024-11-21 04:39


NVD link : CVE-2019-20922

Mitre link : CVE-2019-20922

CVE.ORG link : CVE-2019-20922

Products Affected

handlebarsjs

  • handlebars

CWE

CWE-400

Uncontrolled Resource Consumption