Handlebarsjs: >> Handlebars >> 3.0.2 Security Vulnerabilities
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS Score
5.6
EPSS Score
0.067
Published
2021-05-04
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS Score
5.6
EPSS Score
0.075
Published
2021-04-12
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
CVSS Score
8.1
EPSS Score
0.005
Published
2020-09-30