-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update handlebars 4.1.0. #166
Comments
That version range is incomplete. The fix was also ported to the 4.0.x line as the version 4.0.13. That link is to the following commit for 4.1.0 release: handlebars-lang/handlebars.js@edc6220 Here is the same commit contents that were applied as part of the 4.0.13 release: handlebars-lang/handlebars.js@7372d4e |
If it helps, this is the announcement made by the module on that particular issue, which shows the fixed versions: handlebars-lang/handlebars.js#1495 |
great! thanks for answering, I missed that info |
Trying to consolidate the information around this: so WS-2019-0103 seems to be coming though as a GitHub security alert on repos. I contacted GitHub regarding the inaccurate version range information in the alert. They have responded back saying they are looking into it. |
I've been emailing GitHub every business day and so far still no updates on the incorrect alert they have. |
July 14, 2019 Github continues with this warning!!! |
Email Github about this through their contact form as well. Maybe the more people who contact them about this, they may actually fix the version range on their alert. Just email the contents of the first to comments here or a link to here. I have sent numerous emails so far and got nothing but the automated response back. |
👋 I apologize for the missed communication here! I'm on the GitHub team that's responsible for vulnerability alerting. I'm working to correct these inaccuracies here. Thank you! |
Hi @jrichardsz and others, the warning should no longer be showing up on your repo. |
Handlebars.js before 4.1.0 has Remote Code Execution (RCE)
WS-2019-0103 (More information - handlebars-lang/handlebars.js@edc6220)
Vulnerable versions: < 4.1.0
Patched version: 4.1.0
The text was updated successfully, but these errors were encountered: