Prototype Pollution in handlebars
Critical severity
GitHub Reviewed
Published
Dec 26, 2019
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Last updated
Jan 29, 2023
Published to the GitHub Advisory Database
Dec 26, 2019
Reviewed
Dec 26, 2019
Published by the National Vulnerability Database
Dec 20, 2019
Versions of
handlebars
prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects'__proto__
and__defineGetter__
properties, which may allow an attacker to execute arbitrary code through crafted payloads.Recommendation
Upgrade to version 3.0.8, 4.3.0 or later.
References