Prototype Pollution in handlebars
Critical severity
GitHub Reviewed
Published
Dec 26, 2019
to the GitHub Advisory Database
•
Updated Mar 20, 2023
Description
Published by the National Vulnerability Database
Dec 20, 2019
Reviewed
Dec 26, 2019
Published to the GitHub Advisory Database
Dec 26, 2019
Last updated
Mar 20, 2023
Versions of
handlebarsprior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects'__proto__and__defineGetter__properties, which may allow an attacker to execute arbitrary code through crafted payloads.Recommendation
Upgrade to version 3.0.8, 4.3.0 or later.
References