Homepage
About Snyk

express-hbs@0.1.1 vulnerabilities

Express handlebars template engine complete with multiple layouts, partials and blocks.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the express-hbs package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

express-hbs is an Express handlebars template engine complete with multiple layouts, partials and blocks.

Affected versions of this package are vulnerable to Information Exposure. The layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them.

How to fix Information Exposure?

Upgrade express-hbs to version 2.4.0 or higher.

<2.4.0
Go back to all versions of this package