Versions of handlebars
prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects' __proto__
and __defineGetter__
properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Upgrade to version 3.0.8, 4.3.0 or later.
{ "nvd_published_at": "2019-12-20T23:15:00Z", "cwe_ids": [ "CWE-1321", "CWE-74" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2019-12-26T17:55:40Z" }