Severity: critical

    Remote code execution when compiling templates

    handlebars

    Overview

    Versions of handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when certain compiling options are selected to compile templates coming from an untrusted source.

    Remediation

    Upgrade to version 4.7.7 or later
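
    To confirm the upgrade reached every installed copy, including ones nested under other packages, a parsed package-lock.json can be checked against the fixed version. This is an added example, not code from the advisory or the handlebars project; the function names and the sample lockfile (demo-app, report-gen, @acme/handlebars) are constructed for illustration.

```javascript
// Fixed release named in the advisory.
const FIXED = [4, 7, 7];

// true = sorts before 4.7.7 (affected), false = 4.7.7 or later,
// null = not a plain semver string (git URL, link, tarball): review by hand.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return null;
  const core = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease such as 4.7.7-rc.1 precedes 4.7.7
}

// List every installed handlebars copy in a parsed package-lock.json.
function findHandlebars(lock) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version, vulnerable: isVulnerable(meta.version) });
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/handlebars$/.test(path)) record(path, meta);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'handlebars') record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: top-level copy is fixed, a nested copy is still affected.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/handlebars': { version: '4.7.7' },
    'node_modules/report-gen/node_modules/handlebars': { version: '4.5.3' },
    'node_modules/@acme/handlebars': { version: '1.0.0' }, // different package, ignored
  },
};
console.log(findHandlebars(SAMPLE_LOCK));
```

    A nested copy pinned by another dependency stays affected even after the top-level package is upgraded, which is the case the sample shows.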


    Advisory timeline

    1. Advisory Published: May 6th, 2021
    2. Reported by Anonymous: May 6th, 2021