Handlebars – Prototype Pollution Vulnerability On Versions Between 4.0.14 And 4.1.2

Impact area

Security

Severity

High

Affected element

ServiceNow: UI Script

Salesforce: Static Resource

Rule number

SN-JSL-HANDLEBARS-BETWEEN-V4014-V412 (for ServiceNow)

SF-JSL-HANDLEBARS-BETWEEN-V4014-V412 (for Salesforce)

Impact

Prototype Pollution refers to the ability to inject properties into the prototypes of existing JavaScript language constructs, such as Object. When that happens, it leads either to denial of service, by triggering JavaScript exceptions, or to tampering with the application source code to force the code path the attacker injects, thereby leading to remote code execution.
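As an added illustration (not code from this page or from the Handlebars project), the snippet below shows the vulnerability class described above using a generic recursive merge rather than the Handlebars template engine: a naive merge that walks into Object.prototype when given a constructed JSON input, a hardened merge that drops the keys which reach the prototype chain, and a runtime check a defender can use to confirm that the shared prototype has not been polluted after untrusted input was processed. All function names and the sample input are constructed for this example.

```javascript
'use strict';

// Constructed sample input: after JSON.parse, "__proto__" is an ordinary own
// property of the parsed object, so a recursive merge that trusts its keys
// will follow it straight into Object.prototype.
const UNTRUSTED_JSON = '{"name":"demo","__proto__":{"isAdmin":true}}';

// Naive deep merge: the classic prototype-pollution sink.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      // target["__proto__"] resolves to Object.prototype here
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that let a merge reach the prototype chain instead of the object itself.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened deep merge: drop the dangerous keys, only look at the target's own
// properties, and create nested containers without a prototype at all.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key)
        ? target[key]
        : undefined;
      if (existing === null || typeof existing !== 'object') {
        target[key] = Object.create(null);
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Defensive runtime check: a fresh empty object should inherit no enumerable
// properties. If for-in yields anything, Object.prototype has been polluted.
function prototypeIsPolluted() {
  for (const inherited in {}) { // eslint-disable-line no-unused-vars
    return true;
  }
  return false;
}

// Run one merge strategy against the untrusted input and report what happened
// to an unrelated object created afterwards. Restores the runtime before
// returning so repeated runs start from a clean prototype.
function demonstrate(merge) {
  const pollutedBefore = prototypeIsPolluted();
  const config = merge({}, JSON.parse(UNTRUSTED_JSON));
  const victim = {}; // never touched by the merge
  const result = {
    pollutedBefore,
    pollutedAfter: prototypeIsPolluted(),
    victimIsAdmin: victim.isAdmin === true,
    configName: config.name,
  };
  delete Object.prototype.isAdmin;
  return result;
}

console.log('naive:', JSON.stringify(demonstrate(naiveMerge)));
console.log('safe: ', JSON.stringify(demonstrate(safeMerge)));
```

The naive run reports pollutedAfter and victimIsAdmin as true even though victim was never passed to the merge, which is exactly the cross-object effect the rule is about; the hardened run leaves both false. In production code the prototypeIsPolluted() style of check belongs in a health or integrity probe, while the real fix is the library upgrade in the Remediation section.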

Remediation

Update the Handlebars JS library to version 4.0.14, 4.1.2 or higher.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
