VDB
GHSA-Q42P-PG8M-CQH6
PUBLISHED
CVSS 7.3 HIGH
Prototype Pollution in handlebars
Risk Scores
CVSS 3.1
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | handlebars | 4.1.0, 0, 4.0.0 |
Timeline
- Jun 5, 2019 CVE Published
- Aug 4, 2021 CVE Updated
References
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 web
- https://www.npmjs.com/advisories/755 web
- https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86 fix
- https://github.com/handlebars-lang/handlebars.js/commit/85c8783b34fc6d36145d8b53885ad0b9e3c3f9c4 fix
- https://github.com/handlebars-lang/handlebars.js/issues/1495 discussion
- https://github.com/handlebars-lang/handlebars.js/commit/0d6d8c335ad81bad1b672fc56b6a44f6aa472dac fix
- GitHub Advisory GHSA-q42p-pg8m-cqh6 vendor-advisory
- https://github.com/handlebars-lang/handlebars.js/commit/cd38583216dce3252831916323202749431c773e url