Severity: high

Prototype Pollution

handlebars

Overview

Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. A malicious template can add or modify properties on the Object prototype. This may allow attackers to crash the application or execute arbitrary code in specific conditions.

Remediation

Upgrade to version 3.0.8, 4.5.3 or later.
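
To confirm that no copy of handlebars in a dependency tree is still below the fixed releases, nested transitive copies included, a parsed package-lock.json can be checked as in the following added example (not part of the original advisory or of the handlebars project). It assumes that 3.0.8 is the fix for every release line below 4.0.0 and 4.5.3 the fix for 4.x; the function names and the sample lockfile are constructed for illustration.

```javascript
// Fixed releases named in the advisory. Assumption: 3.0.8 covers every release
// line below 4.0.0 and 4.5.3 covers the 4.x line.
const FIXED_LEGACY = [3, 0, 8];
const FIXED_V4 = [4, 5, 3];

// Strict "major.minor.patch" only; pre-release or range strings return null.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// true = vulnerable, false = fixed, null = cannot tell (review by hand).
function isVulnerableHandlebars(version) {
  const v = parseVersion(version);
  if (!v) return null;
  // Majors above 4 compare greater than 3.0.8, so they come out as not vulnerable.
  return lessThan(v, v[0] === 4 ? FIXED_V4 : FIXED_LEGACY);
}

// Collect every handlebars copy in a parsed package-lock.json, nested ones included.
function findHandlebars(lock) {
  const hits = [];
  const add = (path, version) => hits.push({ path, version, vulnerable: isVulnerableHandlebars(version) });
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/handlebars$/.test(path)) add(path, meta.version);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = trail ? `${trail} > ${name}` : name;
        if (name === "handlebars") add(path, meta.version);
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample (lockfileVersion 2 shape); "some-tool" is a hypothetical package.
const sampleLock = { packages: {
  "node_modules/handlebars": { version: "4.7.7" },
  "node_modules/some-tool/node_modules/handlebars": { version: "4.1.2" },
} };
console.log(findHandlebars(sampleLock));
```

A `null` result means the version string was not a plain release number and the entry needs manual review.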

Advisory timeline

  1. Advisory Published
     Nov 19th, 2019
  2. Reported by Vladyslav Babkin
     Nov 18th, 2019