Description

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

Remediation

References

CVE-2019-20922

Related Vulnerabilities

Apache Tomcat version older than 5.5.27

WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49)

Oracle Application Server CVE-2006-0284 Vulnerability (CVE-2006-0284)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3094)

Joomla Improper Authentication Vulnerability (CVE-2014-6632)

Severity

High

Classification

CVE-2019-20922 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities