Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/29 3:16 p.m.11 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the lookup function. An attacker can access properties that should be restricted by bypassing prototype-access controls...

6.3CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/27 6:21 p.m.11 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the resolvePartial and invokePartial functions. An attacker can execute arbitrary code on the server by...

9.2CVSS6.2AI score0.00703EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 6:19 p.m.5 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the compile function. An attacker can execute arbitrary code by supplying a crafted Abstract Syntax Tree AST...

9.8CVSS6.2AI score0.0178EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28569

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows Remote Code Execution RCE through a crafted Abstract Syntax Tree AST object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...

9.8CVSS6.3AI score0.0178EPSS
Exploits2References280
Rows per page
Query Builder