Severity: high

Prototype Pollution

handlebars

Overview

Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Remediation

Upgrade to version 3.0.8, 4.3.0 or later.
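Two checks a defender can run against this advisory, as an added example that is not the advisory's or the handlebars project's own code: a scan of a package-lock.json for handlebars copies in the affected range (before 3.0.8, or 4.x before 4.3.0), plus a pre-compile screen that flags template source mentioning the two property names the advisory cites. The lockfile is a constructed sample, and the template screen is assumed to run on the template string before it reaches Handlebars.compile().

```javascript
// Fixed releases per major line, from the advisory: 3.0.8 and 4.3.0.
const FIXED = { 3: [3, 0, 8], 4: [4, 3, 0] };
// Parse "x.y.z" (tolerating a leading ^, ~, = or v) into numeric parts.
function parseSemver(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version.replace(/^[\^~=v]/, ''));
  if (!m) throw new Error(`unparseable version: ${version}`);
  return m.slice(1, 4).map(Number);
}
// Lexicographic compare of [major, minor, patch]; negative when a < b.
function cmp(a, b) {
  const i = a.findIndex((x, j) => x !== b[j]);
  return i < 0 ? 0 : a[i] - b[i];
}
// True when the version is "prior to 3.0.8 or 4.3.0", as the advisory states.
function isVulnerableHandlebars(version) {
  const v = parseSemver(version);
  if (v[0] < 3) return true;                // every 1.x/2.x release predates 3.0.8
  const fixed = FIXED[v[0]];
  return fixed ? cmp(v, fixed) < 0 : false; // 5.x and later are outside the advisory's range
}

// Walk a lockfileVersion-1 package-lock.json (nested "dependencies" objects) and
// report every handlebars entry, transitive ones included, in the vulnerable range.
function findVulnerableHandlebars(node, path = [], out = []) {
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === 'handlebars' && isVulnerableHandlebars(entry.version)) {
      out.push({ path: here.join(' > '), version: entry.version });
    }
    findVulnerableHandlebars(entry, here, out);
  }
  return out;
}

// Defence-in-depth pre-compile screen: flag mustache tags naming the advisory's properties.
const BLOCKED = ['__proto__', '__defineGetter__'];
function findBlockedReferences(src) {
  const hits = [];
  for (const tag of src.match(/\{\{[^}]*\}\}/g) || []) {
    for (const p of BLOCKED) if (tag.includes(p)) hits.push({ tag, property: p });
  }
  return hits;
}

// Constructed sample lockfile (not a real project): one vulnerable, one fixed copy.
const SAMPLE_LOCK = { lockfileVersion: 1, dependencies: {
  handlebars: { version: '4.1.2' },
  'some-tool': { version: '1.0.0', dependencies: { handlebars: { version: '4.3.0' } } },
} };
```

The template screen complements the upgrade rather than replacing it; the lockfile scan is what tells you whether the upgrade has actually landed, including in transitive dependencies.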

Advisory timeline

  1. Advisory Published: Sep 24th, 2019
  2. Reported by itszn: Sep 16th, 2019