Lucene search
K

385 matches found

Snyk
Snyk
added 2026/03/27 6:22 p.m.6 views

Improper Encoding or Escaping of Output

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the CLI precompiler in lib/precompiler.js. An attacker can execute arbitrary JavaScript in the generated bundle by supplying...

8.4CVSS6.1AI score0.00291EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/03/27 6:22 p.m.8 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33941 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33941 Source advisory: OSV:GHSA-XJPJ-3MR7-GCPF...

8.2CVSS7AI score0.00291EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/27 6:22 p.m.7 views

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33941 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33941 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15807041...

8.2CVSS7.2AI score0.00291EPSS
Exploits1
Snyk
Snyk
added 2026/03/27 6:22 p.m.2 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the CLI precompiler in lib/precompiler.js. An attacker can execute arbitrary JavaScript in the generated...

8.4CVSS6AI score0.00291EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/03/27 6:22 p.m.9 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33941 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33941 Source advisory: SNYK:JS-HANDLEBARS-15807040...

8.2CVSS7AI score0.00291EPSS
Exploits1
OSV
OSV
added 2026/03/27 6:22 p.m.5 views

GHSA-XJPJ-3MR7-GCPF Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

8.2CVSS6AI score0.00291EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/27 6:21 p.m.13 views

Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

Summary A crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to env.compile...

8.1CVSS6AI score0.00703EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/27 6:21 p.m.6 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33940 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33940 Source advisory: OSV:GHSA-XHPV-HC6G-R9C6...

8.1CVSS6.3AI score0.00703EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/27 6:21 p.m.9 views

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33940 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33940 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15803087...

8.1CVSS6.1AI score0.00703EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/27 6:21 p.m.7 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33940 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33940 Source advisory: SNYK:JS-HANDLEBARS-15803086...

8.1CVSS6.3AI score0.00703EPSS
Exploits1
Snyk
Snyk
added 2026/03/27 6:21 p.m.4 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the resolvePartial and invokePartial functions. An attacker can execute arbitrary code on th...

9.2CVSS6.2AI score0.00703EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 6:21 p.m.10 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the resolvePartial and invokePartial functions. An attacker can execute arbitrary code on the server by...

9.2CVSS6.2AI score0.00703EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 6:21 p.m.4 views

GHSA-XHPV-HC6G-R9C6 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

Summary A crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to env.compile...

8.1CVSS6AI score0.00703EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/27 6:21 p.m.5 views

Improper Check for Unusual or Exceptional Conditions

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the registerDecorator path in lib/handlebars/compiler/javascript-compiler.js. An attacker can crash the Node.js...

8.7CVSS5.9AI score0.00616EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/27 6:21 p.m.16 views

Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. The runtime then immediately invokes the result as a function, causing an unhandled TypeError: ... is not ...

7.5CVSS6AI score0.00616EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/27 6:21 p.m.4 views

Improper Check for Unusual or Exceptional Conditions

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the registerDecorator path in lib/handlebars/compiler/javascript-compiler.js. An attacker can...

8.7CVSS5.7AI score0.00616EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/27 6:21 p.m.7 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33939 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33939 Source advisory: SNYK:JS-HANDLEBARS-15807042...

7.5CVSS7AI score0.00616EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/27 6:21 p.m.5 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3644 more potentially affected by CVE-2026-33939 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33939 Source advisory: OSV:GHSA-9CX6-37PM-9JFF...

7.5CVSS7AI score0.00616EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/27 6:21 p.m.7 views

org.webjars.npm:directory-encoder (=0.9.2), org.webjars.npm:engine-handlebars (=0.8.2) +6 more potentially affected by CVE-2026-33939 via org.webjars.npm:handlebars (>=4.0.14 <=4.7.8)

org.webjars.npm:handlebars MAVEN version =4.0.14, =1.5.0, =2.0.0, =2.0.0, =2.1.0, =2.1.1 Source cves: CVE-2026-33939 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15807043...

7.5CVSS7.2AI score0.00616EPSS
Exploits1
OSV
OSV
added 2026/03/27 6:21 p.m.2 views

GHSA-9CX6-37PM-9JFF Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. The runtime then immediately invokes the result as a function, causing an unhandled TypeError: ... is not ...

7.5CVSS6AI score0.00616EPSS
Exploits1References5
Rows per page
Query Builder