Snyk has reported a vulnerability in the handlebars package. Details are as follows:
Severity
CVSS Score: 7.3 (HIGH severity)
- Vulnerable module: handlebars
- Introduced through: react-scripts@2.1.3
Detailed paths and remediation
- Introduced through: status-js-web@0.1.0 › react-scripts@2.1.3 › jest@23.6.0 › jest-cli@23.6.0 › istanbul-api@1.3.7 › istanbul-reports@1.5.1 › handlebars@4.0.12
- Remediation: Your dependencies are out of date, otherwise you would be using a newer handlebars than handlebars@4.0.12. Try reinstalling your dependencies. If the problem persists, one of your dependencies may be bundling outdated modules.
Other details
handlebars is an extension to the Mustache templating language.
Affected versions of this package are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.
More Information
GH Issue