Candidate: CVE-2015-8861
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8861
Description:
 The handlebars package before 4.0.0 for Node.js allows remote attackers to
 conduct cross-site scripting (XSS) attacks by leveraging a template with an
 attribute that is not quoted.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_node-handlebars:
upstream_node-handlebars: released (4.0.0)
precise_node-handlebars: DNE
precise/esm_node-handlebars: DNE
trusty_node-handlebars: DNE
trusty/esm_node-handlebars: DNE
vivid/stable-phone-overlay_node-handlebars: DNE
vivid/ubuntu-core_node-handlebars: DNE
wily_node-handlebars: ignored (reached end-of-life)
xenial_node-handlebars: DNE
yakkety_node-handlebars: ignored (reached end-of-life)
zesty_node-handlebars: ignored (reached end-of-life)
artful_node-handlebars: ignored (reached end-of-life)
bionic_node-handlebars: not-affected (3:4.0.10-5)
cosmic_node-handlebars: not-affected (3:4.0.10-5)
devel_node-handlebars: not-affected (3:4.0.10-5)