express-hbs@2.3.0 vulnerabilities

Express handlebars template engine complete with multiple layouts, partials and blocks.

Direct Vulnerabilities

Known vulnerabilities in the express-hbs package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

express-hbs is an Express handlebars template engine complete with multiple layouts, partials and blocks.

Affected versions of this package are vulnerable to Information Exposure. The layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them.

How to fix Information Exposure?

Upgrade express-hbs to version 2.4.0 or higher.

<2.4.0