Homepage

express-hbs@0.8.2 vulnerabilities

Express handlebars template engine complete with multiple layouts, partials and blocks.

  • latest version

    2.5.0

  • latest non vulnerable version

    2.5.0

  • first published

    13 years ago

  • latest version published

    2 years ago

  • licenses detected

  • View express-hbs package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the express-hbs package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    express-hbs is an Express handlebars template engine complete with multiple layouts, partials and blocks.

    Affected versions of this package are vulnerable to Information Exposure. The layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them.

    How to fix Information Exposure?

    Upgrade express-hbs to version 2.4.0 or higher.

    <2.4.0
    Go back to all versions of this package