Handlebars Security Vulnerabilities and Issues — Handlebars CVE List

Lucene search

HandlebarsjsHandlebars

4 matches found

CVE•added 2021/04/12 2:15 p.m.•319 views

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

9.8CVSS7.5AI score0.04324EPSS

CVE•added 2021/05/04 9:15 a.m.•166 views

CVE-2021-23383

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

9.8CVSS7.2AI score0.05294EPSS

CVE•added 2020/09/30 6:15 p.m.•158 views

CVE-2019-20920

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars template...

8.1CVSS8.1AI score0.00524EPSS

CVE•added 2020/09/30 6:15 p.m.•117 views

CVE-2019-20922

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

7.8CVSS7.3AI score0.0025EPSS