Upgrade Handlebars JS to latest version 4.7.8

Created on 9 November 2023, about 1 year ago

Problem/Motivation

opigno_dashboard uses Handlebars JS 1.3.0 in ng/package-lock.json, which is reported as a security vulnerability when scanned with security risk tools. Below is the description raised by the risk tools.

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Supporting links:
https://www.npmjs.com/advisories/1164
https://www.tenable.com/security/tns-2021-14

Steps to reproduce

Security risk tools report the usage of Handlebars JS prior to 4.3.0. The CVE number for the exposed Handlebars JS security vulnerability is CVE-2019-19919.

Proposed resolution

Update Handlebars JS to its latest version (4.7.8).

🐛 Bug report

Status: Active
Version: 3.1
Component: Code
Created by: 🇮🇳 India kanchamk
