handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or later.
publishedAdvisory PublishedFeb 14th, 2019
reportedReported by Mahmoud Gamal, Matías LangDec 28th, 2018