Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"vendor_product": "tenable:tenable.sc",
"extracted_events": [
{
"fixed": "5.19.0"
}
]
},
{
"extracted_events": [
{
"introduced": "1.0.6-NA"
},
{
"last_affected": "1.0.6-NA"
}
],
"source": "CPE_STRING",
"vendor_product": "handlebars.js_project:handlebars.js",
"cpes": [
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*"
]
}
]
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.6:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.7:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.8:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.9:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.10:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.11:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.0.12:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.1:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.1.2:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.2.1:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:1.3.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:2.0.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.1:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.2:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.3:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.4:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.5:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.6:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:3.0.7:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.1:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.2:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.3:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.4:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.5:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.6:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.7:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.8:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.9:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.10:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.11:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.12:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.13:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.0.14:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.1:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.1.2:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.0:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.1:-:*:*:*:node.js:*:*",
"cpe:2.3:a:handlebars.js_project:handlebars.js:4.2.2:-:*:*:*:node.js:*:*"
],
"extracted_events": [
{
"introduced": "1.0.6-NA"
},
{
"last_affected": "1.0.6-NA"
},
{
"introduced": "1.0.7-NA"
},
{
"last_affected": "1.0.7-NA"
},
{
"introduced": "1.0.8-NA"
},
{
"last_affected": "1.0.8-NA"
},
{
"introduced": "1.0.9-NA"
},
{
"last_affected": "1.0.9-NA"
},
{
"introduced": "1.0.10-NA"
},
{
"last_affected": "1.0.10-NA"
},
{
"introduced": "1.0.11-NA"
},
{
"last_affected": "1.0.11-NA"
},
{
"introduced": "1.0.12-NA"
},
{
"last_affected": "1.0.12-NA"
},
{
"introduced": "1.1.0-NA"
},
{
"last_affected": "1.1.0-NA"
},
{
"introduced": "1.1.1-NA"
},
{
"last_affected": "1.1.1-NA"
},
{
"introduced": "1.1.2-NA"
},
{
"last_affected": "1.1.2-NA"
},
{
"introduced": "1.2.0-NA"
},
{
"last_affected": "1.2.0-NA"
},
{
"introduced": "1.2.1-NA"
},
{
"last_affected": "1.2.1-NA"
},
{
"introduced": "1.3.0-NA"
},
{
"last_affected": "1.3.0-NA"
},
{
"introduced": "2.0.0-NA"
},
{
"last_affected": "2.0.0-NA"
},
{
"introduced": "3.0.0-NA"
},
{
"last_affected": "3.0.0-NA"
},
{
"introduced": "3.0.1-NA"
},
{
"last_affected": "3.0.1-NA"
},
{
"introduced": "3.0.2-NA"
},
{
"last_affected": "3.0.2-NA"
},
{
"introduced": "3.0.3-NA"
},
{
"last_affected": "3.0.3-NA"
},
{
"introduced": "3.0.4-NA"
},
{
"last_affected": "3.0.4-NA"
},
{
"introduced": "3.0.5-NA"
},
{
"last_affected": "3.0.5-NA"
},
{
"introduced": "3.0.6-NA"
},
{
"last_affected": "3.0.6-NA"
},
{
"introduced": "3.0.7-NA"
},
{
"last_affected": "3.0.7-NA"
},
{
"introduced": "4.0.0-NA"
},
{
"last_affected": "4.0.0-NA"
},
{
"introduced": "4.0.1-NA"
},
{
"last_affected": "4.0.1-NA"
},
{
"introduced": "4.0.2-NA"
},
{
"last_affected": "4.0.2-NA"
},
{
"introduced": "4.0.3-NA"
},
{
"last_affected": "4.0.3-NA"
},
{
"introduced": "4.0.4-NA"
},
{
"last_affected": "4.0.4-NA"
},
{
"introduced": "4.0.5-NA"
},
{
"last_affected": "4.0.5-NA"
},
{
"introduced": "4.0.6-NA"
},
{
"last_affected": "4.0.6-NA"
},
{
"introduced": "4.0.7-NA"
},
{
"last_affected": "4.0.7-NA"
},
{
"introduced": "4.0.8-NA"
},
{
"last_affected": "4.0.8-NA"
},
{
"introduced": "4.0.9-NA"
},
{
"last_affected": "4.0.9-NA"
},
{
"introduced": "4.0.10-NA"
},
{
"last_affected": "4.0.10-NA"
},
{
"introduced": "4.0.11-NA"
},
{
"last_affected": "4.0.11-NA"
},
{
"introduced": "4.0.12-NA"
},
{
"last_affected": "4.0.12-NA"
},
{
"introduced": "4.0.13-NA"
},
{
"last_affected": "4.0.13-NA"
},
{
"introduced": "4.0.14-NA"
},
{
"last_affected": "4.0.14-NA"
},
{
"introduced": "4.1.0-NA"
},
{
"last_affected": "4.1.0-NA"
},
{
"introduced": "4.1.1-NA"
},
{
"last_affected": "4.1.1-NA"
},
{
"introduced": "4.1.2-NA"
},
{
"last_affected": "4.1.2-NA"
},
{
"introduced": "4.2.0-NA"
},
{
"last_affected": "4.2.0-NA"
},
{
"introduced": "4.2.1-NA"
},
{
"last_affected": "4.2.1-NA"
},
{
"introduced": "4.2.2-NA"
},
{
"last_affected": "4.2.2-NA"
}
]
}