CVE-2019-19919 – nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads

https://notcve.org/view.php?id=CVE-2019-19919

20 Dec 2019 — Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads. Las versiones anteriores a 4.3.0 de handlebars, son vulnerables a la Contaminación de Prototipos conllevando a una ejecución de código remota. Las plantillas pueden alterar las propiedades __proto__ y __defineGetter__ de un Objeto, lo que puede pe... • https://github.com/fazilbaig1/CVE-2019-19919 • CWE-471: Modification of Assumed-Immutable Data (MAID) CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •