Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/29 3:17 p.m.6 views

Prototype Pollution

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution in the protoAccessControl function. An attacker can gain unauthorized access to prototype methods by referencing lookupSetter in templat...

6.3CVSS6.3AI score
Exploits0References2
Snyk
Snyk
added 2026/03/29 3:17 p.m.9 views

Prototype Pollution

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution in the protoAccessControl function. An attacker can gain unauthorized access to prototype methods by referencing lookupSetter in templates through...

6.3CVSS6.5AI score
Exploits0References2
OSV
OSV
added 2026/03/29 3:17 p.m.3 views

GHSA-7RX3-28CR-V5WH Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...

4.8CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/29 3:17 p.m.12 views

Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Summary The prototype method blocklist in lib/handlebars/internal/proto-access.js blocks constructor, defineGetter, defineSetter, and lookupGetter, but omits the symmetric lookupSetter. This omission is only exploitable when the non-default runtime option allowProtoMethodsByDefault: true is...

9.8CVSS5.9AI score0.04506EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder