Prototype Pollution in handlebars
Published: May 04, 2021
SECURITY IDENTIFIERS
- CVE: CVE-2021-23383 (NVD)
- GHSA: GHSA-765h-qjxv-5f44
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
>= 4.7.7
DESCRIPTION
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. This vulnerability has been assigned the CVE identifier CVE-2021-23383.