WS-2019-0103 (Medium) detected in handlebars-4.0.11.tgz #31

mend-bolt-for-github · 2019-07-03T22:17:06Z

WS-2019-0103 - Medium Severity Vulnerability

Vulnerable Library - handlebars-4.0.11.tgz

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

Path to dependency file: amplify-cli/packages/amplify-cli/package.json

Path to vulnerable library: amplify-cli/packages/amplify-cli/node_modules/nyc/node_modules/handlebars/package.json

Dependency Hierarchy:

nyc-11.9.0.tgz (Root Library)
- istanbul-reports-1.4.0.tgz
  - ❌ handlebars-4.0.11.tgz (Vulnerable Library)

Vulnerability Details

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Publish Date: 2019-01-30

CVSS 2 Score Details (5.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Release Date: 2019-05-30

Fix Resolution: 4.1.0

The text was updated successfully, but these errors were encountered:

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Jul 3, 2019