handlebars@4.7.5 vulnerabilities
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
-
latest version
4.7.8
-
latest non vulnerable version
-
first published
13 years ago
-
latest version published
a year ago
-
licenses detected
- >=1.2.0
Direct Vulnerabilities
Known vulnerabilities in the handlebars package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. POC
How to fix Prototype Pollution? Upgrade |
<4.7.7
|
handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. POC
How to fix Remote Code Execution (RCE)? Upgrade |
<4.7.7
|