Handlebarsjs

Handlebars

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-23383

Exploit
  • EPSS 5.85%
  • Published 04.05.2021 09:15:07
  • Last modified 21.11.2024 05:51:36

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

9.8

CVE-2021-23369

Exploit
  • EPSS 4.04%
  • Published 12.04.2021 14:15:14
  • Last modified 21.11.2024 05:51:35

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

7.8

CVE-2019-20922

  • EPSS 0.13%
  • Published 30.09.2020 18:15:18
  • Last modified 21.11.2024 04:39:41

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.

8.1

CVE-2019-20920

Exploit
  • EPSS 0.34%
  • Published 30.09.2020 18:15:17
  • Last modified 21.11.2024 04:39:41

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrar...