Known exploits in JQuery Version 4.7.6 deployed with Custom Policy Starterpack

Hey,

I just wanted to Inform you that currently in the custom Policy Starterpack the TrustFrameworkBase.xml File comes with Handlebars Runtime version 4.7.6.

This Version has currently two critical exploits:

[CVE-2021-23369](https://nvd.nist.gov/vuln/detail/CVE-2021-23369) CVSS 3.x: 5.6 Medium (Snyk), 9.8 Critical (NVD)
[CVE-2021-23383](https://nvd.nist.gov/vuln/detail/CVE-2021-23383) CVSS 3.x: 5.6 Medium (Snyk), 9.8 Critical (NVD)

A fast fix for this Issue would be to update the Handlebars versions corresponding to: https://learn.microsoft.com/en-us/azure/active-directory-b2c/page-layout#jquery-and-handlebars-versions. The exploit should be closed with update 4.7.7.

Regards, Andreas




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Known exploits in JQuery Version 4.7.6 deployed with Custom Policy Starterpack #162

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Known exploits in JQuery Version 4.7.6 deployed with Custom Policy Starterpack #162

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions