Severity: high

    Prototype Pollution

    handlebars

    Overview

    Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. A malicious template can add or modify properties on the Object prototype. This may allow attackers to crash the application or, under specific conditions, execute arbitrary code.

    Remediation

    Upgrade to version 3.0.8, 4.5.3 or later.
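
To confirm the upgrade reached every installed copy, including nested ones pulled in by other packages, the following added example (not code from npm or the handlebars project) scans a parsed `package-lock.json`. It assumes the advisory's range means every release below 3.0.8 plus 4.x releases below 4.5.3; `isAffected`, `findHandlebars` and the sample lockfile with its `legacy-mailer` package are made up for illustration.

```javascript
// Fixed releases named in the advisory, one per major line.
const FIXED = { 3: [3, 0, 8], 4: [4, 5, 3] };

// Parse "major.minor.patch[-prerelease]"; returns null if not parseable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  return m && { parts: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// Assumption: all releases below 3.0.8 are affected, plus 4.x below 4.5.3.
// Returns true (affected), false (fixed) or null (unparseable version).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  if (p.parts[0] > 4) return false;
  const fixed = p.parts[0] === 4 ? FIXED[4] : FIXED[3];
  for (let i = 0; i < 3; i++) {
    if (p.parts[i] !== fixed[i]) return p.parts[i] < fixed[i];
  }
  return p.pre; // a prerelease of the fixed version sorts before it
}

// List every handlebars copy in a parsed package-lock.json. lockfileVersion
// 2/3 has a flat "packages" map; version 1 nests "dependencies".
function findHandlebars(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/handlebars$/.test(path)) hits.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'handlebars') hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/handlebars': { version: '4.7.7' },
  'node_modules/legacy-mailer/node_modules/handlebars': { version: '4.1.2' },
} };
const LABEL = { true: 'AFFECTED', false: 'ok', null: 'UNKNOWN' };
for (const h of findHandlebars(SAMPLE_LOCK)) console.log(LABEL[h.affected], `${h.path}@${h.version}`);
```

On the sample input the top-level copy is reported as fixed while the nested 4.1.2 copy is flagged, which is the case a direct-dependency bump alone does not resolve.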

    Advisory timeline

    1. published

      Advisory Published
      Nov 19th, 2019
    2. reported

      Reported by Vladyslav Babkin
      Nov 18th, 2019