express-handlebars@5.2.1

Vulnerabilities: 1 via 1 paths

Dependencies: 18

Source: npm

low severity

Information Exposure

  • Vulnerable module: express-handlebars
  • Introduced through: express-handlebars@5.2.1

Detailed paths

  • Introduced through: express-handlebars@5.2.1

Overview

express-handlebars is a Handlebars view engine for Express which doesn't suck.

Affected versions of this package are vulnerable to Information Exposure. The layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted: only files with existing extensions (i.e. file.extension) can be included, and files that lack an extension will have .handlebars appended to them.

Remediation

There is no fixed version for express-handlebars.
