2 matches found
CVE-2026-55760
Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, applications that pass user-controlled input to Handlebars.compile using FileTemplateLoader or ClassPathTemplateLoader are vulnerable to path traversal, allowing arbitrary file read through template nam...
handlebars.java FileTemplateLoader Path Traversal
Impact Any application that passes user-controlled input to Handlebars.compile using a FileTemplateLoader or ClassPathTemplateLoader is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request parameters, ...