VDB

GHSA-7rx3-28cr-v5wh

GHSA-7rx3-28cr-v5wh PUBLISHED CVSS 4.800000190734863 MEDIUM

Handlebars.js has a Prototype Method Access Control Gap via Missing __lookupSetter__ Blocklist Entry

Risk Scores

CVSS 3.1
4.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersions
Cloudflareaccess
AWSconfig
npmhandlebars4.6.0, 4.6.0, 4.6.0

Timeline

  • Mar 3, 2026 Security Advisory
  • Mar 29, 2026 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›