Vulnerability Report

CVE-2019-19919

RCE

Title: Handlebars.Js Project Handlebars.Js RCE

RCE

Proof Of Concept

PoC Available for CVE-2019-19919

CWE Category CWE-1321
Published Date Dec 20, 2019
Modified Date Nov 21, 2024
Exploit Status Available
Score 9.8 CVSS v3.1
Exploit Probability (EPSS)
24.75%

Vulnerability Summary

CVE-2019-19919: Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Impacted Vendors

H
handlebars.js_project 1
T
tenable 1

Reference Links

https://www.npmjs.com/advisories/1164 https://www.tenable.com/security/tns-2021-14 https://www.npmjs.com/advisories/1164 https://www.tenable.com/security/tns-2021-14
CVSS v3.1
Source Entity [email protected]
Severity CRITICAL
9.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2019-19919 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/fazilbaig1/CVE-2019-19919
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.