CVE-2019-19919: Update Handlebars to 4.5.3

General

Escalation

General

Escalation

Description

The handlebars package has the Prototype Pollution vulnerability (CVE-2019-19919).

PMM versions were not affected by this vulnerability, as this package is used as a build dependency only.

Solution: update handlebars to version 4.5.3.

https://github.com/percona/pmm-server/pull/188

NOTE: this must be fixed for pmm1 version only becauthe there is no such page in pmm2

How to test

None

How to document

None

Linked issues

clones

PMM-5226

Prototype Pollution vulnerability (CVE-2019-19919) in handlebars

Smart Checklist

Activity

Show:

Done

Details
Assignee
Unassigned
Reporter
Roma Novikov(Deactivated)
Priority
High
Components
Labels
CVE
Needs QA
Yes
Needs Doc
No
Fix versions
1.17.4
Story Points
1
Sprint
None
Affects versions
1.17.3

Smart Checklist

Created January 28, 2020 at 8:11 AM

Updated November 13, 2024 at 8:32 AM

Resolved February 20, 2020 at 9:35 PM

CVE-2019-19919: Update Handlebars to 4.5.3

Description

How to test

How to document

Linked issues

clones

Smart Checklist

Activity

DetailsAssigneeUnassignedUnassignedReporterRoma NovikovRoma Novikov(Deactivated)PriorityHighComponentsLabelsCVENeeds QAYesNeeds DocNoFix versions1.17.4Story Points1SprintNone+2Affects versions1.17.3

Details

Assignee

Reporter

Priority

Components

Labels

Needs QA

Needs Doc

Fix versions

Story Points

Sprint

Affects versions

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
Unassigned
Reporter
Roma Novikov(Deactivated)
Priority
High
Components
Labels
CVE
Needs QA
Yes
Needs Doc
No
Fix versions
1.17.4
Story Points
1
Sprint
None
Affects versions
1.17.3

Smart Checklist