handlebars.js is 2.0.0 Security Vulnerabilities CVE-2019-19919, CVE-2021-23369, CVE-2019-20920, and CVE-2015-8861.
search cancel

handlebars.js is 2.0.0 Security Vulnerabilities CVE-2019-19919, CVE-2021-23369, CVE-2019-20920, and CVE-2015-8861.

book

Article ID: 278051

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

We have discovered that the following libraries have serious vulnerabilities registered against them. 

Handlebars.js is 2.0.0. It is subject to the following CVEs: CVE-2019-19919CVE-2021-23369CVE-2019-20920, and CVE-2015-8861.

When will newer versions of the jar files be available and incorporated into the release?

Resolution

The version of handlebars.js is set to upgraded in version 15 due out in 2025.

You can still remove them If you are NOT using the nimsm tasks then they can remove this folder(nimsmintegration\api-docs\lib). We suggest taking a backup to some other location and then remove.

Tasks are highlighted in the below screenshot.

Powered by Wolken Software