Remote code execution when compiling templateshandlebars
handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
Upgrade to version 4.7.7 or later
Have content suggestions? Visit npmjs.com/support.
publishedAdvisory PublishedMay 6th, 2021
reportedReported by AnonymousMay 6th, 2021