Severity: high

Prototype Pollution



Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions.


Upgrade to version 3.0.8, 4.5.3 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Nov 19th, 2019
  2. reported

    Reported by Vladyslav Babkin
    Nov 18th, 2019