bootstrap-wysihtml5-rails 0.3.3.6

1 security vulnerability found in version 0.3.3.6

Prototype Pollution in handlebars

critical severity CVE-2019-19919
critical severity CVE-2019-19919
Unaffected versions: < 0.3.3.5

The bootstrap-wysihtml5-rails gem includes the vendored JavaScript library 'handlebars.js'. Versions 0.3.3.7-0.3.3.8 include handlebars 3.0.2, and versions 0.3.3.5-0.3.3.6 include handlebars 1.3.0.

Versions Affected: 0.3.3.5-0.3.3.8 Not affected: < 0.3.3.5 Fixed Versions: None

Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects' proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.