pr-triage/app:package.json

GitHub App built with Probot that support pull request workflow.

Vulnerabilities

1 via 1 paths

Dependencies

350

Source

GitHub

Commit

ed9f794f

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

low severity

Information Exposure

  • Vulnerable module: hbs
  • Introduced through: probot@10.19.0

Detailed paths

  • Introduced through: pr-triage@pr-triage/app#ed9f794fa5ea88f542fec36f2154182a6722d458 probot@10.19.0 hbs@4.2.0

Overview

hbs is an Express.js template engine plugin for Handlebars

Affected versions of this package are vulnerable to Information Exposure. hbs mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options a file disclosure vulnerability may be triggered in downstream applications.

Remediation

There is no fixed version for hbs.

References