Denial of Service in handlebars

Moderate severity GitHub Reviewed Published Sep 3, 2020 • Updated Oct 1, 2021

Package

handlebars (npm)

Affected versions

>= 4.0.0, < 4.4.5

Patched versions

4.4.5

Description

Affected versions of handlebars are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.

Recommendation

Upgrade to version 4.4.5 or later.
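
To confirm whether a project still resolves an affected copy, including transitive ones, the following added example (not part of the advisory or the handlebars project) scans a parsed package-lock.json for handlebars versions in the range stated above. The function names and the sample lockfile are constructed for illustration; pre-release suffixes are ignored when comparing.

```javascript
// Range taken from the advisory: >= 4.0.0, < 4.4.5
const AFFECTED_MIN = [4, 0, 0]; // inclusive lower bound
const PATCHED = [4, 4, 5];      // first patched version

// Parse "major.minor.patch"; any pre-release/build suffix is dropped.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, AFFECTED_MIN) >= 0 && compare(v, PATCHED) < 0;
}

// Handles both lockfile layouts: the flat "packages" map keyed by install
// path (lockfileVersion 2/3) and nested "dependencies" (lockfileVersion 1).
function findAffectedHandlebars(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isHandlebars = /(^|\/)node_modules\/handlebars$/.test(path);
      if (isHandlebars && isAffected(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits; // v2 files mirror the same data under "dependencies"
  }
  (function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === 'handlebars' && isAffected(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here); // nested copies pinned by a parent
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: top-level copy is patched, nested copy is not.
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/handlebars': { version: '4.7.7' },
  'node_modules/report-gen/node_modules/handlebars': { version: '4.1.2' },
} };
console.log(findAffectedHandlebars(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the lockfile contents instead of `sampleLock`; an empty array means no resolved copy falls in the affected range.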

References

GHSA ID

GHSA-f52g-6jhx-586p