Description

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

Remediation

References

CVE-2019-20922

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Security Bypass (8.0.32)

WordPress Plugin Elementor-Header, Footer & Blocks Template Multiple Cross-Site Scripting Vulnerabilities (1.5.7)

LimeSurvey CVE-2009-1604 Vulnerability (CVE-2009-1604)

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14722)

PHP Resource Management Errors Vulnerability (CVE-2012-0830)

Severity

High

Classification

CVE-2019-20922 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities