Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
File disclosure in hbs
Vulnerability Description
The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options a file disclosure vulnerability may be triggered in downstream applications. For an example PoC see the referenced GHSL-2021-020.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
文件和路径信息暴露
Vulnerability Title
TryGhost express-hbs 代码注入漏洞
Vulnerability Description
TryGhost express-hbs是具有多种布局、块和缓存部分的 Express 车把模板引擎。 TryGhost express-hbs 中存在代码注入漏洞,该漏洞源于产品的Express render API将纯模板数据与引擎配置选项混合在一起。攻击者可通过覆盖内部配置选项导致文件泄露。
CVSS Information
N/A
Vulnerability Type
N/A