Candidate: CVE-2019-19919
PublicDate: 2019-12-20 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919
 https://www.npmjs.com/advisories/1164
Description:
 Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution
 leading to Remote Code Execution. Templates may alter an Object's __proto__
 and __defineGetter__ properties, which may allow an attacker to execute
 arbitrary code through crafted payloads.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_node-handlebars:
upstream_node-handlebars: needs-triage
precise/esm_node-handlebars: DNE
trusty_node-handlebars: ignored (out of standard support)
trusty/esm_node-handlebars: DNE
xenial_node-handlebars: DNE
bionic_node-handlebars: needs-triage
disco_node-handlebars: ignored (reached end-of-life)
eoan_node-handlebars: ignored (reached end-of-life)
focal_node-handlebars: not-affected (3:4.5.3-1)
groovy_node-handlebars: not-affected (3:4.5.3-1)
hirsute_node-handlebars: not-affected (3:4.5.3-1)
impish_node-handlebars: not-affected (3:4.5.3-1)
jammy_node-handlebars: not-affected (3:4.5.3-1)
devel_node-handlebars: not-affected (3:4.5.3-1)