GHSA-q42p-pg8m-cqh6

Published

Last updated

https://github.com/advisories/GHSA-q42p-pg8m-cqh6

Severity

Unknown

Summary

Prototype Pollution in handlebars

Description

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Recommendation

For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or later.

References

https://github.com/advisories/GHSA-q42p-pg8m-cqh6
https://github.com/handlebars-lang/handlebars.js/issues/1495
https://github.com/handlebars-lang/handlebars.js/commit/0d6d8c335ad81bad1b672fc56b6a44f6aa472dac
https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86
https://github.com/handlebars-lang/handlebars.js/commit/85c8783b34fc6d36145d8b53885ad0b9e3c3f9c4
https://github.com/handlebars-lang/handlebars.js/commit/cd38583216dce3252831916323202749431c773e
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
https://www.npmjs.com/advisories/755

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

GHSA-q42p-pg8m-cqh6

Severity

Summary

Description

Recommendation

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company