Description

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

Remediation

References

CVE-2019-20922

Related Vulnerabilities

WordPress Plugin Zendesk Chat Unspecified Vulnerability (1.3.9)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3826)

Internet Information Services Other Vulnerability (CVE-2002-0072)

MySQL CVE-2019-2593 Vulnerability (CVE-2019-2593)

Severity

High

Classification

CVE-2019-20922 CWE-835 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities