-
Type: Bug
-
Status: Resolved
-
Priority: Major
-
Resolution: Won't Do
-
Affects Version/s: 2021, 2023.15
-
Component/s: Distribution / Installers
-
Tags:
-
Backlog priority:900
-
Upgrade notes:
-
Sprint:nxplatform #119
-
Story Points:5
Client reported the following CVE with handlebars: https://nvd.nist.gov/vuln/detail/CVE-2021-23383
It seems we use handlebars-1.0.0.js in the nuxeo-rest-api-server module. Found at this location on a Nuxeo instance: nxserver/web/root.war/modules/org.nuxeo.ecm.platform.restapi.server/skin/resources/lib