handlebars is an extension to the Mustache templating language.
Affected versions of this package are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
handlebars to version 4.0.13 or higher.
Do your applications use this vulnerable package?
- Mahmoud Gamal, Matias Lang
- Snyk ID
- 28 Dec, 2018
- 14 Feb, 2019