CVE-2021-23383 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-23383 PUBLISHED

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

EPSS 3.18% · 86.9th percentile

Risk Scores

EPSS Score

3.18%

86.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:25.10	node-handlebars	0, 3:4.7.7+~4.1.0-1
Ubuntu:20.04:LTS	node-handlebars	0, *, 3:4.5.3-1
Ubuntu:24.04:LTS	node-handlebars	3:4.7.7+~4.1.0-1, 0
Ubuntu:22.04:LTS	node-handlebars	0, 3:4.7.6+~4.1.0-2, 3:4.7.7+~4.1.0-1
Ubuntu:18.04:LTS	node-handlebars	0, *

Timeline

Oct 23, 2018 PoC Published
May 4, 2021 EPSS Score
May 4, 2021 CVE Published
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Jul 27, 2023 EPSS Score
Dec 9, 2023 EPSS Score
Sep 16, 2024 CVE Updated
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 27, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2021-23383 third-party-advisory
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427 third-party-advisory
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-23383 third-party-advisory

Open in Interactive Console →