express-handlebars

Security Issue [Denial of Service]

Open axago opened this issue 6 years ago • 5 comments

Remediation: Upgrade to version 4.4.5 or later.

axago avatar Nov 07 '19 21:11 axago

PR #267 should fix this

UziTech avatar Nov 07 '19 21:11 UziTech

Is this project abandoned? I ask this because the above simple PR has had no answers for so much time. I do appreciate the work done here, but I feel that I have to look somewhere else for a solution.

Nonetheless, thanks for all the effort put in here that has no doubt benefited so many people.

audiBookning avatar Jan 05 '20 01:01 audiBookning

I am running npm v6.13.4
I don't see any security issues with express-handlebars
handlebars appears to be updating to latest by default hbs

BillGR17 avatar Jan 06 '20 11:01 BillGR17

True. It would pass since package.json has in the dependencies: "handlebars": "^4.1.2".

I was talking about the lack of feedback on this and other issues, since some months ago. I was asking: Is the package totally "in the wild"?

I was making a side comment, not wanting to create a whole new issue for that and also not seeking to overextend and sidetrack too much the goal of this one. Sorry, it seems it was badly executed, since it was just a ping to the package devs or maintainers.

audiBookning avatar Jan 06 '20 12:01 audiBookning
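
The range `"handlebars": "^4.1.2"` quoted in the comment above admits the fixed 4.4.5 release, but it equally admits 4.1.2 through 4.4.4, so the lockfile decides which copy is installed. The following is an added example, not part of the original thread or the project's code: it checks the range and walks a lockfile tree for handlebars copies below the remediation version. The helper names and `sampleLock` are constructed, and the tree shape assumed is npm v6's `lockfileVersion: 1`.

```javascript
// Added example: helper names and sample data are constructed for illustration.
const FIXED = "4.4.5"; // remediation version quoted in the issue

// Parse "major.minor.patch" into numbers (pre-release tags are ignored here).
function parse(v) {
  return v.split("-")[0].split(".").map(Number);
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// Caret range with major >= 1: version >= base and same major as base.
function caretAllows(range, version) {
  const base = range.replace(/^\^/, "");
  return compare(version, base) >= 0 && parse(version)[0] === parse(base)[0];
}

// Walk a lockfileVersion 1 tree and list handlebars copies below the fix.
function findVulnerable(lock, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(lock.dependencies || {})) {
    const here = [...path, name];
    if (name === "handlebars" && compare(dep.version, FIXED) < 0) {
      hits.push({ path: here.join(" > "), version: dep.version });
    }
    hits.push(...findVulnerable(dep, here)); // nested copies count too
  }
  return hits;
}

// Constructed lockfile: a stale top-level copy and a fixed nested copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "express-handlebars": {
      version: "0.0.0-sample", // placeholder, not a real release
      dependencies: { handlebars: { version: "4.4.5" } },
    },
    handlebars: { version: "4.1.2" },
  },
};

console.log(findVulnerable(sampleLock));
```

To check a real project, pass the parsed contents of `package-lock.json` to `findVulnerable` in place of `sampleLock`.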

I get what you are saying now. I don't know the answer to that question, sorry.

BillGR17 avatar Jan 06 '20 13:01 BillGR17