OESA-2021-1196

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1196
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1196.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2021-1196
Upstream
Published
2021-05-30T11:02:55Z
Modified
2025-09-03T06:17:18.025816Z
Summary
nodejs-handlebars security update
Details

Handlebars.js is an extension to the Mustache templating language created by Chris Wanstrath. Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they should be.

Security Fix(es):

The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. (CVE-2021-23383)

Database specific
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / nodejs-handlebars

Package

Name
nodejs-handlebars
Purl
pkg:rpm/openEuler/nodejs-handlebars&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.0.13-2.oe1

Ecosystem specific

{
    "noarch": [
        "nodejs-handlebars-4.0.13-2.oe1.noarch.rpm"
    ],
    "src": [
        "nodejs-handlebars-4.0.13-2.oe1.src.rpm"
    ]
}