handlebars prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions.
Upgrade to version 3.0.8, 4.5.3 or later.
publishedAdvisory PublishedNov 19th, 2019
reportedReported by Vladyslav BabkinNov 18th, 2019