CVE-2019-20922

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-20922
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20922.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-20922
Aliases
Downstream
Related
  • SNYK-JS-HANDLEBARS-480388
Published
2020-09-30T18:15:18.100Z
Modified
2026-02-03T07:04:34.967328Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

References

Affected packages

Git / github.com/handlebars-lang/handlebars.js

Affected ranges

Type
GIT
Repo
https://github.com/handlebars-lang/handlebars.js
Events
Fixed
8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
Introduced
bff5fab8f9d42e21950be00dcf1cedf4dc1a565b
Fixed
8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b

Affected versions

v4.*
v4.0.0
v4.0.1
v4.0.10
v4.0.11
v4.0.12
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.1.2
v4.1.2-0
v4.2.0
v4.2.1
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20922.json"