ID CVE-2019-20922
Summary Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.
References
Vulnerable Configurations
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.4:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.5:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.6:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.7:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.8:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.9:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.10:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.11:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.12:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.13:-:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.13:beta0:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.13-0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.0.14:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.1.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.1.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.1.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.1.2-0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.2.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.2.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.2.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.3.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.3.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.3.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.3.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.3.4:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.3.5:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.4.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.4.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.4.2:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.4.3:*:*:*:*:node.js:*:*
  • cpe:2.3:a:handlebarsjs:handlebars:4.4.4:*:*:*:*:node.js:*:*
CVSS
Base: 7.8 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
rpms
  • engine-db-query-0:1.6.2-1.el8ev
  • ovirt-engine-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-backend-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-dbscripts-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-dwh-0:4.4.3.1-1.el8ev
  • ovirt-engine-dwh-grafana-integration-setup-0:4.4.3.1-1.el8ev
  • ovirt-engine-dwh-setup-0:4.4.3.1-1.el8ev
  • ovirt-engine-extension-aaa-ldap-0:1.4.2-1.el8ev
  • ovirt-engine-extension-aaa-ldap-setup-0:1.4.2-1.el8ev
  • ovirt-engine-extension-logger-log4j-0:1.1.1-1.el8ev
  • ovirt-engine-health-check-bundler-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-metrics-0:1.4.2.1-1.el8ev
  • ovirt-engine-restapi-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-base-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-plugin-cinderlib-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-plugin-imageio-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-plugin-ovirt-engine-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-setup-plugin-websocket-proxy-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-tools-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-tools-backup-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-ui-extensions-0:1.2.4-1.el8ev
  • ovirt-engine-vmconsole-proxy-helper-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-webadmin-portal-0:4.4.3.8-0.1.el8ev
  • ovirt-engine-websocket-proxy-0:4.4.3.8-0.1.el8ev
  • ovirt-log-collector-0:4.4.4-1.el8ev
  • ovirt-web-ui-0:1.6.5-1.el8ev
  • python3-ovirt-engine-lib-0:4.4.3.8-0.1.el8ev
  • rhv-log-collector-analyzer-0:1.0.5-1.el8ev
  • rhvm-0:4.4.3.8-0.1.el8ev
  • rhvm-branding-rhv-0:4.4.6-1.el8ev
refmap via4
misc
Last major update 21-07-2021 - 11:39
Published 30-09-2020 - 18:15
Last modified 21-07-2021 - 11:39