Recently our website project underwent a penetration test, and the vendor reported that the identified library appears to be vulnerable.
The identified library, handlebars version 4.7.7, is vulnerable.
- It is vulnerable to Remote Code Execution when Handlebars.compile() accepts a crafted pre-parsed AST object. This allows malicious JavaScript injection.
(1) https://identity.umbraco.com/5f36b6cc-f3ae-4a05-8ce1-826d1068a97d/b2c_1a_signinbackoffice/oauth2/v2.0/authorize (client_id,client_info,environment_id,nonce,project_name,redirect_uri,response_mode,response_type,scope,state,x-client-SKU,x-client-brkrver,x-client-ver)
- /**! @license handlebars v4.7.7
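
One way to keep non-string input away from the compiler, as an added example that is not part of the original post or the vendor's report: a wrapper that only lets a primitive string through. `makeSafeCompile`, `requireStringTemplate`, the stub compiler and the sample request bodies are hypothetical and constructed for illustration; in a real project the stub would be replaced by `Handlebars.compile`.

```javascript
// Added example, not from the original post. All names below are
// hypothetical; the stub stands in for Handlebars.compile.

// Reject anything that is not a primitive string before it reaches the compiler.
function requireStringTemplate(template) {
  if (typeof template !== 'string') {
    const kind = template === null ? 'null'
      : Array.isArray(template) ? 'array' : typeof template;
    throw new TypeError('template must be a string, got ' + kind);
  }
  return template;
}

// Wrap a compile function (for example Handlebars.compile) with the guard.
function makeSafeCompile(compileFn) {
  return function safeCompile(template, options) {
    return compileFn(requireStringTemplate(template), options);
  };
}

// Stand-in compiler so the example runs without the library installed.
function stubCompile(input) {
  return function render() { return 'compiled from ' + typeof input; };
}

// Constructed request bodies: a JSON field expected to hold a template
// string can just as well carry an object, an array or null.
const SAMPLE_BODIES = [
  '{"template": "Hello {{name}}"}',
  '{"template": {"type": "Program", "body": []}}',
  '{"template": ["Hello"]}',
  '{"template": null}',
];

// Run each body through the guarded compiler and report the outcome.
function checkBodies(bodies, compileFn) {
  const safeCompile = makeSafeCompile(compileFn);
  return bodies.map(function (raw) {
    try {
      safeCompile(JSON.parse(raw).template);
      return 'accepted';
    } catch (err) {
      return 'rejected: ' + err.message;
    }
  });
}

console.log(checkBodies(SAMPLE_BODIES, stubCompile));
```

The guard limits what reaches `compile()` in your own code paths; it does not change the library version a scanner detects from the license banner.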