Prototype Pollution

2018-12-28T20:34:57
ID NODEJS:755
Type nodejs
Reporter Mahmoud Gamal, Matías Lang
Modified 2019-09-16T15:12:18

Description

Overview

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.

Recommendation

For handlebars 4.1.x, upgrade to 4.1.2 or later. For handlebars 4.0.x, upgrade to 4.0.14 or later.
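
An added example (not from the advisory or the handlebars project): a Node.js check that walks a package-lock.json in the nested lockfileVersion 1 layout and reports every handlebars copy, direct or transitive, below the fixed versions given in the Recommendation. The sample lockfile and the package names other than handlebars are constructed, and treating 4.1.0 and 4.1.1 as affected is an assumption drawn from the Recommendation.

```javascript
// Parse the leading "major.minor.patch"; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Assumption: 4.1.0 and 4.1.1 count as affected, because the Recommendation
// sends 4.1.x users to 4.1.2; everything else is compared against 4.0.14.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true; // not a plain version (e.g. a git URL): flag for review
  if (v[0] === 4 && v[1] === 1) return lessThan(v, [4, 1, 2]);
  return lessThan(v, [4, 0, 14]);
}

// Recursively walk the nested "dependencies" objects of a v1 lockfile and
// collect every flagged handlebars copy with its dependency path.
function findAffected(node, path = []) {
  const hits = [];
  for (const [name, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === "handlebars" && isAffected(info.version)) {
      hits.push({ path: here.join(" > "), version: info.version });
    }
    hits.push(...findAffected(info, here));
  }
  return hits;
}

// Constructed sample; "report-tool" and "mail-render" are hypothetical packages.
const sampleLock = {
  dependencies: {
    handlebars: { version: "4.1.2" },
    "report-tool": { version: "1.0.0",
      dependencies: { handlebars: { version: "4.0.11" } } },
    "mail-render": { version: "2.3.0",
      dependencies: { handlebars: { version: "4.1.0" } } },
  },
};

console.log(findAffected(sampleLock));
```

To audit a real project, pass the parsed contents of its package-lock.json to findAffected in place of sampleLock.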