1 matches found
Remote Code Execution (RCE)
handlebars is vulnerable to remote code execution. Access to the constructor in templates is not prohibited, allowing an attacker to inject arbitrary templates into the Handlebars setup and execute arbitrary code...