Home > Vulnerability Database > WS-2019-0103

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2019-0103

Good to know:

Date: January 30, 2019

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Language: Java

Severity Score

5.6

Related Resources (3)

Url: https://github.com/wycats/handlebars.js/issues/1267#issue-187151586

Url: https://github.com/wycats/handlebars.js/commit/edc6220d51139b32c28e51641fadad59a543ae57

Url: https://www.mend.io/vulnerability-database/WS-2019-0103

Severity Score

5.6

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version antwebes/api-social-bundle - no_fix;folksyfolks/l5-swagger - 3.1.4;folksyfolks/l5-swagger - 2.1;folksyfolks/l5-swagger - dev-upgrade-to-swagger-ui-4;librenms/librenms - dev-ottorei-patch-1;librenms/librenms - dev-analysis-GP2gvA;librenms/librenms - dev-ottorei-chrony-docs;librenms/librenms - dev-dependabot/npm_and_yarn/axios-1.7.4;librenms/librenms - dev-pr12764;librenms/librenms - dev-CiscoNac;librenms/librenms - dev-refactor-discovery;librenms/librenms - 1.38-full;librenms/librenms - 22.6.0;librenms/librenms - dev-dependabot/npm_and_yarn/follow-redirects-1.14.8;librenms/librenms - 22.4.x-dev;librenms/librenms - 201606;librenms/librenms - dev-dependabot/composer/composer/composer-2.1.9;librenms/librenms - dev-php73;librenms/librenms - 201507;librenms/librenms - dev-analysis-22NN39;librenms/librenms - dev-vlan-discovery-only;librenms/librenms - dev-dependabot/npm_and_yarn/elliptic-6.5.4;imjarek/laravel-swagger - 5.0;dreadnaught/laramie - dev-feature/bulk-hook-refactor;dreadnaught/laramie - dev-dependabot/npm_and_yarn/src/bulma-1.0.2;dreadnaught/laramie - dev-dependabot/npm_and_yarn/src/trix-2.1.9;dreadnaught/laramie - dev-dependabot/composer/guzzlehttp/psr7-1.8.5;dreadnaught/laramie - dev-dependabot/composer/erusev/parsedown-1.7.2;dreadnaught/laramie - dev-dependabot/npm_and_yarn/src/bulma-1.0.3;dreadnaught/laramie - no_fix;dreadnaught/laramie - dev-dependabot/npm_and_yarn/src/tributejs-5.1.3;dreadnaught/laramie - dev-feature/add-way-to-get-underlying-filtered-query-builder;dreadnaught/laramie - dev-dependabot/npm_and_yarn/src/fortawesome/fontawesome-free-6.6.0;dreadnaught/laramie - dev-main;darkaonline/l5-swagger - v2.0;darkaonline/l5-swagger - 3.0.1;darkaonline/l5-swagger - dev-upgrade-to-swagger-ui-4;pronto/mobilebundle - 2.0.1-beta1;pronto/mobilebundle - no_fix;pronto/mobilebundle - 0.2.2;pronto/mobilebundle - 0.1.0;quantimodo/docs - dev-renovate/npm-nanoid-vulnerability;quantimodo/docs - dev-renovate/npm-path-parse-vulnerability;quantimodo/docs - no_fix;quantimodo/docs - dev-renovate/npm-glob-parent-vulnerability;antonio-salieri/egctweet_plain - no_fix;swagger-api/swagger-ui - 3.x-dev;swagger-api/swagger-ui - dev-dependabot/github_actions/master/dependabot/fetch-metadata-2.0.0;dynamic/silverstripe-locator - 1.2.1;dynamic/silverstripe-locator - 1.1.1;luracast/restler - 2.2.0;luracast/restler - 4.0.0;luracast/restler - 5.0.6;luracast/restler - 1.0.20;luracast/restler - dev-features/proxy-api;luracast/restler - 5.07;jjdoor/swagger-lume - 2.0;TRA.EServices.FormBuilder - no_fix;gbksoft/yii2-swagger - v1.0.0;gbksoft/yii2-swagger - v1.1.0;gbksoft/yii2-swagger - v1.0.2;gbksoft/yii2-swagger - v1.0.3;gbksoft/yii2-swagger - v1.0.4;gbksoft/yii2-swagger - v1.0.1;hadeswang/jlapp-swaggervel - 2.0.x-dev;tiderjian/think-core - v7.0.1;tiderjian/think-core - v12.0.5;tiderjian/think-core - v12.0.8;tiderjian/think-core - v2.3.5;tiderjian/think-core - dev-dependabot/npm_and_yarn/asset/libs/label-select/ssri-6.0.2;tiderjian/think-core - dev-dependabot/npm_and_yarn/asset/libs/label-select/ajv-6.12.6;tiderjian/think-core - v3.1.2;tiderjian/think-core - v11.19.10;tiderjian/think-core - v11.34.3;tiderjian/think-core - dev-dependabot/npm_and_yarn/asset/libs/label-select/tar-4.4.19;tiderjian/think-core - v11.34.0;tiderjian/think-core - v11.34.7;tiderjian/think-core - v11.13.4;tiderjian/think-core - v11.13.10;tiderjian/think-core - v12.0.0;tiderjian/think-core - v8.0.4;tiderjian/think-core - v11.30.4;tiderjian/think-core - v8.0.1;tiderjian/think-core - dev-dependabot/npm_and_yarn/asset/libs/label-select/postcss-7.0.36;tiderjian/think-core - v11.13.6;tiderjian/think-core - v11.33.4;tiderjian/think-core - v11.x-dev;tiderjian/think-core - v7.2.0;tiderjian/think-core - v11.30.0;tiderjian/think-core - v13.0.0;treo/treopim - 3.25.15-rc10;treo/treopim - no_fix;treo/treopim - 3.25.18-rc2;treo/treopim - 3.24.0;treo/treopim - 3.25.1-rc24;treo/treopim - 3.24.27-rc5;treo/treopim - 3.24.1;treo/treopim - 3.25.15-rc6;treo/treopim - 3.25.5-rc3;treo/treopim - 3.25.19-rc3;treo/treopim - 3.23.0;treo/treopim - 3.25.1-rc30;treo/treopim - 3.25.2-rc3;treo/treopim - 3.24.29-rc3;treo/treopim - 3.25.17-rc5;treo/treopim - 3.25.8-rc1;treo/treopim - 3.25.3-rc1;treo/treopim - 3.25.15-rc8;treo/treopim - foo;treo/treopim - 3.24.32;treo/treopim - 3.25.0-rc20;treo/treopim - 3.25.12-rc2;treo/treopim - 3.20.14;treo/treopim - 3.25.15-rc3;jagermesh/bright - v2.0.22;hos/hos-framework - no_fix;jnbruno/akeed - 0.0.3;jnbruno/akeed - no_fix;squareproton/bond - no_fix;firdaushatta/l5-swagger - 5.0;firdaushatta/l5-swagger - dev-firdaushatta-patch-1;firdaushatta/l5-swagger - dev-firdaushatta-patch-2;firdaushatta/l5-swagger - dev-upgrade-to-swagger-ui-4;rutatiina/ui - no_fix;codesleeve/sprockets - no_fix;mreko/l5-swagger - 3.0.1;mreko/l5-swagger - 4.0.1;mreko/l5-swagger - v2.0;magento/community-edition - dev-lenaorobei-patch-2;magento/community-edition - 2.2.x-dev;magento/community-edition - 0.42.0-beta10;magento/community-edition - 0.42.0-beta9;magento/community-edition - dev-converted-magento-magento2-2.4.3;magento/community-edition - 2.2.0-RC1.1;appserver-io/appserver - 1.1.32;appserver-io/appserver - final;appserver-io/appserver - 1.1.27;appserver-io/appserver - no_fix;appserver-io/appserver - 1.1.1-alpha1;tribalsystems/zenario - 7.6.41504;tribalsystems/zenario - 8.2.46436;tribalsystems/zenario - 7.0.2e;tribalsystems/zenario - 7.5.40440;tribalsystems/zenario - 9.0.55141;tribalsystems/zenario - 8.5.51340;tribalsystems/zenario - 8.0.44237;tribalsystems/zenario - 8.1.45530;tribalsystems/zenario - 9.1.55143;tribalsystems/zenario - 8.9.55141;tribalsystems/zenario - 7.7.42682;tribalsystems/zenario - 9.2.55826;tribalsystems/zenario - 8.3.47997;tribalsystems/zenario - 42085;rodchyn/api-platform-core - v2.1.0-beta.1;osfed/l4crud - no_fix;EmberJS - 1.0.0;EmberJS - 2.2.0;EmberJS - 1.0.5;EmberJS - 1.3.0;evolutioncms/evolution - 1.4.15;evolutioncms/evolution - 3.1.10;evolutioncms/evolution - 1.4.17;evolutioncms/evolution - no_fix;evolutioncms/evolution - 3.1.8;evolutioncms/evolution - 1.4.1;evolutioncms/evolution - 3.1.6;evolutioncms/evolution - 1.3.0;yangsuda/slimcms - 2.0.1.x-dev;yangsuda/slimcms - 2.0.0;hasangilak/l5-swagger - 5.0;cromwell - 0.30;raftx24/l5-swagger - v2.0;raftx24/l5-swagger - 4.0.1;raftx24/l5-swagger - 3.0.1;kubotak-is/l5-swagger - 4.0.1;kubotak-is/l5-swagger - v2.0;kubotak-is/l5-swagger - 3.0.1;egov/vws - no_fix;siu-toba/framework - dev-feature/formatoFechaConGuion;siu-toba/framework - dev-feature/chngRestExceptions;siu-toba/framework - dev-feature/updateLibs;siu-toba/framework - dev-feature/fixApiKeysByEnv;siu-toba/framework - dev-support/v3.3;siu-toba/framework - dev-feature/addIdFuenteUsuarios;siu-toba/framework - v3.3.6;Bower - no_fix;superup/mobwebbundle - no_fix;Handlebars - 100.0.0;davigs/swagger-lume - 2.0;treolabs/treocore - 3.25.3;treolabs/treocore - 3.24.29-rc3;treolabs/treocore - 3.25.1-rc24;treolabs/treocore - 3.25.8;treolabs/treocore - 3.25.19-rc3;treolabs/treocore - 3.24.0;treolabs/treocore - 3.25.12-rc4;treolabs/treocore - 3.25.0-rc20;treolabs/treocore - 3.24.27-rc5;treolabs/treocore - 3.24.32;treolabs/treocore - 3.25.5-rc3;treolabs/treocore - 3.25.15-rc3;treolabs/treocore - 3.23.0;treolabs/treocore - 1.0.0;treolabs/treocore - no_fix;treolabs/treocore - 3.25.15-rc8;treolabs/treocore - 3.24.1;treolabs/treocore - 3.25.17-rc5;treolabs/treocore - 3.25.15-rc10;treolabs/treocore - 3.25.2-rc3;treolabs/treocore - 3.25.18-rc2;treolabs/treocore - 3.25.15-rc6;dolibarr/dolibarr - dev-scrutinizer-patch-2;dolibarr/dolibarr - 14.0.0;dolibarr/dolibarr - 12.1.x-dev;dolibarr/dolibarr - dev-scrutinizer-patch-4;dolibarr/dolibarr - dev-revert-15607-12edit-extrafield-computed-multiline;dolibarr/dolibarr - dev-revert-19608-patch-2;dreamfactory/df-swagger-ui - no_fix;dreamfactory/df-swagger-ui - v3.0.0;dreamfactory/df-swagger-ui - 0.4.0;dandisy/webcore - 1.0.6;dandisy/webcore - no_fix;dandisy/webcore - 1.0.0;esnanta/yii2-news - no_fix;esnanta/yii2-news - dev-update-news;sfs/admin-bundle - 1.0.0;sfs/admin-bundle - dev-feature/sf5;sfs/admin-bundle - no_fix;centurion/app - no_fix;andriybazyuta/l4-asset-emblem - no_fix;kjda/translation-bundle - no_fix;cr3a7ure/core - dev-docminor;cr3a7ure/core - dev-class;cr3a7ure/core - no_fix;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;yiixwom/yii-xwom - v0.1.2;yiixwom/yii-xwom - no_fix;yiixwom/yii-xwom - 1.0.6;allmobilize/amazeui - v1.0.0;gzero/api - v1.0.0;gzero/api - v0.0.1;nhiepphong/backend - no_fix;opencontent/ocwebhookserver-ls - dev-job-control;opencontent/ocwebhookserver-ls - 1.0.0;opencontent/ocwebhookserver-ls - 1.1.4;opencontent/ocwebhookserver-ls - no_fix;smskin/l5-swagger - 5.0;dennis1804/iq-swagger - no_fix;dennis1804/iq-swagger - dev-dependabot/composer/illuminate/support-approx-8.16;thinkerforthink/thinker - v1.0.0;Bnsights.Mvc2 - 1.2.1.93;evocms/evolution - 1.4.20;evocms/evolution - dev-fix/evo-3x-184;evocms/evolution - 3.1.20;evocms/evolution - dev-shit-and-sticks;evocms/evolution - dev-fix/3x-refactor;evocms/evolution - 3.1.1;evocms/evolution - 1.4.2;evocms/evolution - dev-users;evocms/evolution - dev-frozen_urls;evocms/evolution - dev-fix/codemirror-remove-addon-tern;evocms/evolution - 2.0.0-RC;evocms/evolution - no_fix;evocms/evolution - dev-Issue24;brt/blog-bundle - 0.8.0;brt/blog-bundle - 0.8.3.2;brt/blog-bundle - no_fix;brt/blog-bundle - 0.8.1;pods-framework/pods - dev-dependabot/npm_and_yarn/async-2.6.4;pods-framework/pods - dev-dependabot/npm_and_yarn/multi-cf87d80143;pods-framework/pods - 2.7.2;pods-framework/pods - dev-feature/2.8/WPML;pods-framework/pods - 2.7;pods-framework/pods - dev-dependabot/npm_and_yarn/node-fetch-2.6.7;pods-framework/pods - dev-feature/4098-wpmu-queries;pods-framework/pods - dev-feature/numbers-support-leading-zeroes;pods-framework/pods - dev-test/skc-testing-3;apex/apex - 1.2.16;apex/apex - 1.5.0;wheelpros/shipping-method-calculator - 2.2.5;wheelpros/shipping-method-calculator - 2.2.x-dev;wheelpros/shipping-method-calculator - 0.42.0-beta10;wheelpros/shipping-method-calculator - 0.42.0-beta9;w3yyb/phalphp - no_fix;xtwoend/minion-cms - no_fix;poqcz/restler - 2.2.0;poqcz/restler - 4.0.0;poqcz/restler - dev-master;woldy/cms - no_fix;rutatiina/accountant - no_fix;zfcampus/zf-apigility-documentation-swagger - 0.9.0;zfcampus/zf-apigility-documentation-swagger - no_fix;dreamfactory/dreamfactory - 2.1.0;dreamfactory/dreamfactory - dev-feature/df-installer;dreamfactory/dreamfactory - dev-dependabot/add-v2-config-file;components/handlebars.js - v3.0.8;components/handlebars.js - v4.0.13;components/handlebars.js - v3.0.4;components/handlebars.js - dev-jaylinski-patch-1;magetest/magento - v2.0.1.0;20steps/bricks-rest-core - v1.0.0-beta;20steps/bricks-rest-core - v2.0.0;sada/sadata-component - no_fix;mymdz/l5-swagger - 5.0;dunglas/todomvc-bundle - no_fix;kennersoft/kennercore - dev-documentation-v1;kennersoft/kennercore - 3.25.37;kennersoft/kennercore - no_fix;kennersoft/kennercore - v1.6.6;kennersoft/kennercore - 3.25.35;tadpole - no_fix;vsmoraes/swagger-ui-bundle - v0.1.0;vsmoraes/swagger-ui-bundle - no_fix;vsmoraes/swagger-ui-bundle - v0.1.2;restler/framework - dev-master;restler/framework - 3.0.0-RC1;restler/framework - 5.07;restler/framework - 5.0.6;restler/framework - 4.0.0;za-web/octo-gallery - no_fix;activelamp/swagger-ui-bundle - v0.1.2;activelamp/swagger-ui-bundle - v0.1.0;is-iot-ipc-server - no_fix;wheelpros/fitment-platform-api - 2.2.x-dev;wheelpros/fitment-platform-api - 2.2.5;wheelpros/fitment-platform-api - 0.42.0-beta10;wheelpros/fitment-platform-api - 0.42.0-beta9;keyteqlabs/keymedia-ezpublish - exceed-2.0.0-rc.3;keyteqlabs/keymedia-ezpublish - no_fix;laminas-api-tools/api-tools-documentation-swagger - 1.3.x-dev;vanthao03596/fortify-limitless - 1.0.2;seax_svm - 0.2.8;davin.bao/apidoc - no_fix;pyntax/pyntax - dev-develop/pyntax-api-module;pyntax/pyntax - 0.9.2;xjryanse/admin - v0.0.145;xjryanse/admin - v0.0.1;xjryanse/admin - v0.0.148;xjryanse/admin - v0.1.15;mmitasch/flow4ember - no_fix;plagtracker/api-client - no_fix;dedegunawan/my-framework - no_fix;vjeantet/silex-simple-rest-swagger - no_fix;opine/layout - v2.0.8;opine/layout - v2.0.1;opine/layout - v2.0.7;opine/layout - v2.0.2;opine/layout - v2.0.6;jsdom - 11.11.0;speedovation/laravelmart - no_fix;speedovation/laravelmart - 0.2;iwanli/laravel5-swagger - no_fix;cal127/phpcrud - v0.1;jessekoska/swagger-lume - v2.0.24;logiks/logiks-core - no_fix;logiks/logiks-core - v4.0.0;logiks/logiks-core - v3.0;smellems/wet4 - dev-master;pmvc-app/swagger_ui - no_fix;computerundsound/curserver - no_fix;computerundsound/curserver - 2.2.0;digitalunited/wp-elastic-api - v0.1.4;digitalunited/wp-elastic-api - v0.1.3;digitalunited/wp-elastic-api - v0.1.2;digitalunited/wp-elastic-api - v0.1;osidea/eosadm - no_fix;osidea/eosadm - 0.0.2-beta.1;isobar-nz/web-console - 2.1.1;isobar-nz/web-console - 2.0.2;isobar-nz/web-console - 2.0.x-dev;elefant/cms - dev-master;dunglas/api-bundle - v2.0.0-rc.5;dunglas/api-bundle - v2.0.5;dunglas/api-bundle - v2.0.9;dunglas/api-bundle - dev-sf-dev-2;SmartTheme.UI - no_fix;jlapp/swaggervel - 2.0.x-dev;kphcdr/ppphp - 1.0;kphcdr/ppphp - 2.3.0;flask-restful-swagger - no_fix;seax_scheme - no_fix;shopxo/shopxo - v2.2.0;shopxo/shopxo - v2.2.8.x-dev;shopxo/shopxo - v2.2.5.x-dev;shopxo/shopxo - v2.2.1;shopxo/shopxo - v2.0.3;shopxo/shopxo - v2.2.7;shopxo/shopxo - no_fix;shopxo/shopxo - 2.1.0;evolution-cms-extras/doclister - no_fix;jacoob/vino-blog - no_fix;ea/yii2-contact-manager - no_fix;arionum/node - v0.1a;openi-ict/api-builder - no_fix;perfectpanel/swaggergen - no_fix;dandisy/laravel-generator - 1.2.7;dandisy/laravel-generator - dev-dependabot/npm_and_yarn/templates/vuejs/js/eslint-4.19.1;dandisy/laravel-generator - 1.0.0;kizi/easyminer-easyminercenter - no_fix;kizi/easyminer-easyminercenter - v2.0;ServiceStack.Api.Swagger - 4.5.12;gajendrajain20/laravel-pioneer-cms - no_fix;leaphly/leaphly-sandbox - no_fix;handlebars - 4.0.13;handlebars - 3.0.8;insidion/swagger-bundle - 1.0.0;spescina/mediabrowser - 3.0.0;opencontent/ocopendata_forms-ls - 1.6.10;opencontent/ocopendata_forms-ls - no_fix;opencontent/ocopendata_forms-ls - 1.5.2;opencontent/ocopendata_forms-ls - 1.0beta;flask-apispec - 0.4.0;flask-apispec - 0.7.0;steamuloabeaujou/api-platform - v2.1.0-beta.1;ralphowino/swagger - no_fix;elefant/app-products - 1.0.0;regulus/fractal - v0.4.7;bokeh - 0.9.0;Handlebars.js - 4.0.0;dreamfactory/app-admin - no_fix;dreamfactory/app-admin - 1.0.4;efwplusRuntime - no_fix;envrin/apex - 1.0.1;envrin/apex - 1.2.2;subbly/cms - dev-packaging;visiosoft/l5-swagger - 3.x-dev;ramzyvirani/laravel-boilerplate - no_fix;ramzyvirani/laravel-boilerplate - dev-snyk-fix-6118335e7ee4db4dc6929725f8b9be70;ramzyvirani/laravel-boilerplate - dev-snyk-fix-ad10bb3d08f682b4190aefeb23a5c3d5;antonio-salieri/egc_tweet - no_fix;microservice/raptor - no_fix;tariqul/multiauth - no_fix;sergeyfast/eazy-jsonrpc - v1.0;sergeyfast/eazy-jsonrpc - no_fix;damian-nz/l5-swagger - 4.0.0;damian-nz/l5-swagger - dev-master;damian-nz/l5-swagger - no_fix;tiderjian/qscmf - dev-rebuild1;tiderjian/qscmf - v2.0.0;bseries/base_core - no_fix;bseries/base_core - v1.5.0;bseries/base_core - v1.3.0;bseries/base_core - v1.0.0;bseries/base_core - v1.4.0;kamaelkz/yii2-admin-panel - no_fix;MIDIator.WebClient - 1.0.105;esandri/swagger-ui-big - dev-cbt-run-e2e;mediabet-kamaelkz/yii2-admin-panel - no_fix;adrexia/silverstripe-gumby-theme - 2;EmberJSPackage - no_fix;rich2k/l5-swagger - 5.0;enlx/apidoc-template - 0.1.0;acosf/archersys - 1.0;adaclare/server-manager - no_fix;alt3/cakephp-swagger - no_fix;abs/helper-pkg - no_fix;haotx/swagger-lume - no_fix;bmilesp/bootstrap_extend - 2.1.x-dev;bmilesp/bootstrap_extend - no_fix;Raml.Parser - 1.0.7;danijelsingularity98/swaggergen - no_fix;dvixi/yii2-alpaca-json - 0.9-dev;dvixi/yii2-alpaca-json - no_fix;tractorcow/web-console - v0.9.5;adrexia/silverstripe-pure - no_fix;rtablada/laravel-faq - 1.0.x-dev;dandisy/adminlte-templates - 1.2.2;frameworks/handlebars.js - no_fix;frameworks/handlebars.js - 1.1.0;frameworks/handlebars.js - 0.1.3;frameworks/handlebars.js - 1.2.0;pleio/pleio_rest - no_fix;Ncapsulate.Bower - no_fix;iramgutierrez/lumen-resource-api - no_fix;contentasaurus/c-rex-admin - v1.0.1;contentasaurus/c-rex-admin - v1.0.7;kbrabrand/zf2-swagger-ui - no_fix;dreamfactory/df-api-docs-ui - 1.1.0;mahmoodbabaei/etribes-code-challenge - no_fix;zulfajuniadi/php-rest-server - no_fix;auspice - no_fix;svgsynoptic2 - 4.1.4;Odn.Swagger.Net - no_fix;vanderlee/swaggergen - 2.0-beta-1;vanderlee/swaggergen - 2.0.1;vanderlee/swaggergen - no_fix;SmartAdmin.UI - no_fix;secp256k1 - 0.6.0;sjje/swaggervel - dev-master;sjje/swaggervel - 2.0.x-dev;kevupton/auto-swagger-ui - v0.1.0;msbios/cpanel - v1.0.48;msbios/cpanel - no_fix;msbios/cpanel - v1.0.44;g3n1us/editor - no_fix;askatlas-ai/api-connector - dev-feature/df-installer;api-platform/core - v2.1.0-beta.1;api-platform/core - dev-sf-dev-2;imikemiller/l5-swagger-redoc - 4.0.1;imikemiller/l5-swagger-redoc - v2.0;imikemiller/l5-swagger-redoc - 3.0.1;wheelpros/image-generator-plus - 2.2.x-dev;wheelpros/image-generator-plus - 0.42.0-beta9;wheelpros/image-generator-plus - 2.2.5;wheelpros/image-generator-plus - 0.42.0-beta10;alexmaramaldo/swaggervel-2 - no_fix;cargic/blog - no_fix;yaangvu/swagger-lume - 2.0;kbrabrand/silex-swagger-ui - no_fix;pmurkin/bootstrapi - no_fix;codesleeve/l4-asset-handlebars - no_fix;dhawton/l5-swagger-redoc - 4.0.1;dhawton/l5-swagger-redoc - 3.0.1;dhawton/l5-swagger-redoc - v2.0;juzaweb/l5-swagger - 5.0;devisephp/cms - v.2.1.0-beta.4;Moxie - 1.0.4;seldatdirect/swagger-lume - no_fix;libgraviton/swagger-ui - v1.0;superius/omnihubfonts - no_fix;ng-grid - 2.0.4;fmarmo/swagger-lume - 2.0;flex360/pilot - dev-dependabot/npm_and_yarn/dns-packet-1.3.4;flex360/pilot - no_fix;handlebars.js - 4.1.0;o2relax/laravel-shop - no_fix;jessekoska/swagger-ui-lumen - no_fix;lithiumdev/l5-swagger - v1.0.0;parm/parm-web - no_fix;yangsuda/slimcms-public - no_fix;open-resource-manager/core - no_fix;keeko/developer-app - v0.2;restaurare/ewlist - no_fix;helingfeng/l5-swagger - 5.0;clubmaster/formextra - no_fix;clubmaster/formextra - 1.0;eyecatchup/restler - 0.3.0;ServiceStack.Api.Swagger.Signed - 4.5.12;dunglas/json-ld-api-bundle - dev-sf-dev-2;tasmaniski/laminas-swagger - no_fix;pwptemplatepusintek - no_fix;govtnz/swagger-ui - v1.0;driberac/blank - no_fix;dwij/laraadmin - 1.0.1;phprest/phprest-sample-heroku-app - no_fix;nehakadam/calenstyle - no_fix;KarmaNodeModules - no_fix;danijelsingulatiry98/swaggergen - no_fix;dersam/carty - no_fix;connexion - 2.3.0;Eglober.Ics.Theme - no_fix;JYM.IdentityServer.Swagger - no_fix;guitarpoet/clips-tool - dev-picture;fxmonster/l5-swagger - 5.0;pragmaticlinux/ember - no_fix;iramgutierrez/laravel-resource-api - 1.0.27;myVisasNodeJs - no_fix;kartik-v/yii2-widget-typeahead - no_fix;riverslei/laravel-swagger - no_fix;zquintana/lara-swag - no_fix;dandisy/webcore-base - no_fix;dandisy/webcore-base - 1.0.0;bluzphp/skeleton - 1.0.1;tuupke/laravel-swagger - 2.0.0;subbly/backend - no_fix;yanev/laraadmin - no_fix;neelbhanushali/laravel-apidocjs - no_fix;dingdayu/qiniupan - no_fix;vegas-cmf/media - v1.1.x-dev;ci-blox/ignition-go - 1.0.0-beta.1;ci-blox/ignition-go - no_fix;ernestoponce/slimproject - no_fix;jinsoft/laravel-swagger - no_fix;tasmaniski/zend-swagger - no_fix;latrell/swagger - 1.0.2;seax_util - 0.1.2;ant-ipc-server - no_fix;basalam/laravel-kendo-ui - no_fix;toml - 0.1.27;lanos/yetiweb - no_fix;pharmit/swaggervel - 2.0.x-dev;luoxiaojun1992/sf - v1.0.0;org.jboss.weld.servlet:weld-servlet:2.4.8.Final;org.jboss.weld.servlet:weld-servlet:2.4.0.Final;org.jboss.weld.servlet:weld-servlet:2.4.0.CR1;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;io.hawt.swagger:hawtio-swagger-ui:no_fix;org.jboss.windup.reporting:windup-reporting-impl:6.3.5.Final;org.jboss.windup.reporting:windup-reporting-impl:6.3.9.Final;org.jboss.windup.reporting:windup-reporting-impl:6.3.7.Final;org.jboss.windup.reporting:windup-reporting-impl:6.3.8.Final;org.jboss.windup.reporting:windup-reporting-impl:6.3.3.Final;org.jboss.windup.reporting:windup-reporting-impl:6.1.3.Final;org.jboss.windup.reporting:windup-reporting-impl:6.1.10.Final;org.jboss.windup.reporting:windup-reporting-impl:6.1.8.Final;org.jboss.windup.reporting:windup-reporting-impl:6.2.5.Final;org.jboss.windup.reporting:windup-reporting-impl:6.2.0.Alpha1;org.jboss.windup.reporting:windup-reporting-impl:6.1.0.Alpha1;org.jboss.windup.reporting:windup-reporting-impl:6.1.4.Final;org.jboss.windup.reporting:windup-reporting-impl:6.3.0.Final;org.jboss.windup.reporting:windup-reporting-impl:6.3.2.Final;org.jboss.windup.reporting:windup-reporting-impl:no_fix;org.jboss.windup.reporting:windup-reporting-impl:6.3.4.Final;org.jboss.weld.probe:weld-probe-core:2.4.2.Final;org.jboss.weld.probe:weld-probe-core:2.4.8.Final;org.jboss.weld.probe:weld-probe-core:3.0.6.Final;org.jboss.weld.probe:weld-probe-core:2.4.3.Final;org.jboss.weld.probe:weld-probe-core:2.3.5.Final;org.jboss.weld.probe:weld-probe-core:3.0.4.Final;org.jboss.weld.probe:weld-probe-core:3.1.0.Beta1;org.jboss.weld.probe:weld-probe-core:3.1.1.Final;org.jboss.weld.probe:weld-probe-core:3.1.4.Final;org.jboss.weld.probe:weld-probe-core:2.3.4.Final;org.jboss.weld.probe:weld-probe-core:3.1.3.Final;org.jboss.weld.probe:weld-probe-core:3.1.5.Final;org.jboss.weld.probe:weld-probe-core:2.3.2.Final;org.jboss.weld.probe:weld-probe-core:2.4.4.Final;org.jboss.weld.probe:weld-probe-core:3.1.2.Final;org.jboss.weld.probe:weld-probe-core:3.0.5.Final;org.apache.camel:camel-example-swagger-xml:2.17.1;org.apache.camel:camel-example-swagger-xml:2.17.1;org.apache.camel:camel-example-swagger-xml:2.17.1;org.apache.camel:camel-example-swagger-xml:2.17.1;org.webjars:handlebars:1.0.rc.1;org.webjars:handlebars:4.0.11;org.webjars:handlebars:2.0.0-alpha.2;org.webjars:handlebars:4.7.6;org.webjars.npm:github-com-alexwolfe-Buttons:no_fix;org.webjars.npm:alpaca:no_fix;org.webjars:openui5:1.28.11;org.webjars:openui5:1.28.16;org.webjars.npm:swagger-tools:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.jboss.redhat-fuse.apicurio:fuse-apicurito-generator:no_fix;org.apache.camel:camel-example-servlet-rest-tomcat:2.15.2;org.apache.camel:camel-example-servlet-rest-tomcat:2.15.2;org.apache.camel:camel-example-servlet-rest-tomcat:2.15.1;org.apache.camel:camel-example-servlet-rest-tomcat:2.15.2;org.apache.camel:camel-example-servlet-rest-tomcat:2.15.2;org.apache.camel:camel-example-servlet-rest-tomcat:2.15.2;org.webjars.npm:github-com-gitana-alpaca:no_fix;org.webjars.npm:github-com-Echo360-swagger-ui:no_fix;org.webjars.npm:apidoc:no_fix;io.fabric8.quickstarts.cxf.jaxrs:spring-boot-cxf-jaxrs-xml:no_fix;org.webjars.npm:pouchdb-find:no_fix;org.webjars.npm:swagger-ui-cimpress:no_fix;org.jboss.weld.se:weld-se:2.4.0.Final;org.jboss.weld.se:weld-se:2.4.0.CR1;org.webjars.npm:mirador:no_fix;org.webjars.npm:handlebars:4.1.1;org.webjars.npm:swagger-ui:3.0.2;org.webjars.bower:handlebars:4.0.3;org.webjars.bower:handlebars:4.0.10;org.webjars.bower:jsonpath-object-transform:no_fix;org.webjars.npm:bower:1.8.12;org.webjars:swagger-ui:2.2.8;org.webjars.bower:swagger-ui:3.0.2;org.webjars:jel-camel:no_fix;org.webjars.npm:github-com-jensoleg-swagger-ui:no_fix;org.webjars:browser-sync:no_fix

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2019-0103

Good to know:

Date: January 30, 2019

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?