CVE-2021-23383 – handlebars
Package
Manager: npm
Name: handlebars
Vulnerable Version: >=0 <4.7.7
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.06338 (percentile: 0.90661)
Details
Prototype Pollution in handlebars
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
Metadata
Created: 2022-02-10T23:51:42Z
Modified: 2023-11-29T20:30:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-765h-qjxv-5f44/GHSA-765h-qjxv-5f44.json
CWE IDs: ["CWE-1321"]
Alternative ID: GHSA-765h-qjxv-5f44
Finding: F390
Auto approve: 1